API: Add User-Agent to CORS allow list

An updated spec[1] removed the User-Agent header from the list of forbidden
headers for XHR, so some clients are now requesting to use it.

[1] https://github.com/whatwg/fetch/commit/dab09b0c483

Change-Id: I43d42c3c3a6510721ff7e5fc406db797bf08ffae

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index bc76f8f..3cc3407 100644 (file)
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -829,6 +829,7 @@ class ApiMain extends ApiBase {
                        'dnt',
                        'origin',
                        /* MediaWiki whitelist */
+                       'user-agent',
                        'api-user-agent',
                ] );
                foreach ( $requestedHeaders as $rHeader ) {