use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::Util;
+use Bugzilla::Hook;
use Bugzilla::Search::Recent;
use File::Basename;
sub header {
my $self = shift;
+ my %headers;
+
# If there's only one parameter, then it's a Content-Type.
if (scalar(@_) == 1) {
- # Since we're adding parameters below, we have to name it.
- unshift(@_, '-type' => shift(@_));
+ %headers = ('-type' => shift(@_));
+ }
+ else {
+ %headers = @_;
}
if ($self->{'_content_disp'}) {
- unshift(@_, '-content_disposition' => $self->{'_content_disp'});
+ $headers{'-content_disposition'} = $self->{'_content_disp'};
}
# Add the cookies in if we have any
if (scalar(@{$self->{Bugzilla_cookie_list}})) {
- unshift(@_, '-cookie' => $self->{Bugzilla_cookie_list});
+ $headers{'-cookie'} = $self->{Bugzilla_cookie_list};
}
# Add Strict-Transport-Security (STS) header if this response
{
$sts_opts .= '; includeSubDomains';
}
- unshift(@_, '-strict_transport_security' => $sts_opts);
+
+ $headers{'-strict_transport_security'} = $sts_opts;
}
# Add X-Frame-Options header to prevent framing and subsequent
# possible clickjacking problems.
unless ($self->url_is_attachment_base) {
- unshift(@_, '-x_frame_options' => 'SAMEORIGIN');
+ $headers{'-x_frame_options'} = 'SAMEORIGIN';
}
# Add X-XSS-Protection header to prevent simple XSS attacks
# and enforce the blocking (rather than the rewriting) mode.
- unshift(@_, '-x_xss_protection' => '1; mode=block');
+ $headers{'-x_xss_protection'} = '1; mode=block';
# Add X-Content-Type-Options header to prevent browsers sniffing
# the MIME type away from the declared Content-Type.
- unshift(@_, '-x_content_type_options' => 'nosniff');
+ $headers{'-x_content_type_options'} = 'nosniff';
+
+ Bugzilla::Hook::process('cgi_headers',
+ { cgi => $self, headers => \%headers }
+ );
- return $self->SUPER::header(@_) || "";
+ return $self->SUPER::header(%headers) || "";
}
sub param {
=back
+=head2 cgi_headers
+
+This allows you to modify the HTTP headers sent out on every Bugzilla
+response.
+
+Params:
+
+=over
+
+=item C<headers>
+
+A hashref, where the keys are header names and the values are header
+values. Keys need to be lower-case, and begin with a "-". If you use
+the "_" character it will be converted to "-", and the library will
+also fix the casing to Camel-Case.
+
+You can delete (some) headers that Bugzilla adds by deleting entries
+from the hash.
+
+=item C<cgi>
+
+The CGI object, which may tell you useful things about the response on
+which to base a decision of whether or not to add a header.
+
+=back
+
+
=head2 config_add_panels
If you want to add new panels to the Parameters administrative interface,
projects / thirdparty / bugzilla.git / commitdiff
