API: Add Access-Control-Allow-Headers in CORS preflight response

[lhc/web/wiklou.git] / includes / api / ApiMain.php

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 004bfae..7600066 100644 (file)
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -526,6 +526,7 @@ class ApiMain extends ApiBase {
                if ( $matchOrigin ) {
                        $response->header( "Access-Control-Allow-Origin: $originParam" );
                        $response->header( 'Access-Control-Allow-Credentials: true' );
+                       $response->header( 'Access-Control-Allow-Headers: Api-User-Agent' );
                        $this->getOutput()->addVaryHeader( 'Origin' );
                }