Bug 1365662 - Adjust CORS headers to allow BMO integration with SSO
The CORS spec forbids using a wildcard when sending credentials,
so we have to explicitly whitelist BMO, so that it can pass the SSO
cookie when making API calls.
--- a/server/handlers.py
+++ b/server/handlers.py
@@ -196,17 +196,18 @@ class WooQuery:
self['startday'] = startday
self['endday'] = endday
def GET(self):
params = urlparse.parse_qs(web.ctx.query[1:], True)
results = json.dumps(self._GET(params))
web.header('Content-Length', len(results))
web.header('Content-Type', 'application/json; charset=utf-8')
- web.header('Access-Control-Allow-Origin', '*')
+ web.header('Access-Control-Allow-Origin', 'https://bugzilla.mozilla.org')
+ web.header('Access-Control-Allow-Credentials', 'true')
return results
def getPushesByDate(self, args):
"""Returns the number of pushes per day to the specified trees for a given time range."""
# If no time is specified, it defaults to 00:00:00, so we have to add one
# day to the endday, to actually include the day specified.
# The json-pushes date argument strings need to be in UTC.