From eb51c6364e9c12ace0733b8f1d7c0cf474e8b124 Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Thu, 13 Dec 2018 12:05:33 -0500
Subject: [PATCH] API: Add User-Agent to CORS allow list

An updated spec[1] removed the User-Agent header from the list of forbidden
headers for XHR, so some clients are now requesting to use it.

[1] https://github.com/whatwg/fetch/commit/dab09b0c483

Change-Id: I43d42c3c3a6510721ff7e5fc406db797bf08ffae
---
 includes/api/ApiMain.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index bc76f8f306..3cc34070e2 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -829,6 +829,7 @@ class ApiMain extends ApiBase {
 			'dnt',
 			'origin',
 			/* MediaWiki whitelist */
+			'user-agent',
 			'api-user-agent',
 		] );
 		foreach ( $requestedHeaders as $rHeader ) {
-- 
2.20.1