dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add Timing-Allow-Origin header for cross-domain API responses
[lhc/web/wiklou.git] / includes / api / ApiMain.php
diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 82ed295..9a98054 100644 (file)
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -554,6 +554,7 @@ class ApiMain extends ApiBase {
 
                        $response->header( "Access-Control-Allow-Origin: $originHeader" );
                        $response->header( 'Access-Control-Allow-Credentials: true' );
+                       $response->header( "Timing-Allow-Origin: $originHeader" ); # http://www.w3.org/TR/resource-timing/#timing-allow-origin
 
                        if ( !$preflight ) {
                                $response->header( 'Access-Control-Expose-Headers: MediaWiki-API-Error, Retry-After, X-Database-Lag' );
Wiklou, le Wiki du Wiklou