From 26a2d54b4a1a9bdefbefccfddd2b74c43b9d7965 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Gerg=C5=91=20Tisza?= <tgr.huwiki@gmail.com>
Date: Sat, 10 Jan 2015 23:55:40 -0800
Subject: [PATCH] Add Timing-Allow-Origin header for cross-domain API responses

This makes it possible to get detailed network timing information
via ResourceTiming.

Change-Id: Ie88d4354285420014c0f1612446ba94fc2a8c68f
---
 includes/api/ApiMain.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 82ed295696..9a980544ec 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -554,6 +554,7 @@ class ApiMain extends ApiBase {
 
 			$response->header( "Access-Control-Allow-Origin: $originHeader" );
 			$response->header( 'Access-Control-Allow-Credentials: true' );
+			$response->header( "Timing-Allow-Origin: $originHeader" ); # http://www.w3.org/TR/resource-timing/#timing-allow-origin
 
 			if ( !$preflight ) {
 				$response->header( 'Access-Control-Expose-Headers: MediaWiki-API-Error, Retry-After, X-Database-Lag' );
-- 
2.20.1