From 25ad826dd012c0d6066f5a4a26d592f3dbfc255f Mon Sep 17 00:00:00 2001
From: Philippe Gaultier <pgaultier@gmail.com>
Date: Fri, 4 Jul 2014 14:19:33 +0200
Subject: [PATCH] Fix multiple headers management in
 Access-Control-Request-Headers

---
 framework/filters/Cors.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/framework/filters/Cors.php b/framework/filters/Cors.php
index b1e1b76644..3fcde328f3 100644
--- a/framework/filters/Cors.php
+++ b/framework/filters/Cors.php
@@ -179,9 +179,9 @@ class Cors extends ActionFilter
         if (isset($requestHeaders[$requestHeaderField])) {
             if (in_array('*', $this->cors[$requestHeaderField])) {
                 if ($type === 'Method') {
-                    $responseHeaders[$responseHeaderField] = strtoupper($responseHeaders[$responseHeaderField]);
+                    $responseHeaders[$responseHeaderField] = strtoupper($requestHeaders[$requestHeaderField]);
                 } elseif ($type === 'Headers') {
-                    $responseHeaders[$responseHeaderField] = static::headerize($responseHeaders[$responseHeaderField]);
+                    $responseHeaders[$responseHeaderField] = static::headerize($requestHeaders[$requestHeaderField]);
                 }
             } else {
                 $requestedData = preg_split("/[\s,]+/", $requestHeaders[$requestHeaderField], -1, PREG_SPLIT_NO_EMPTY);
@@ -190,7 +190,6 @@ class Cors extends ActionFilter
                     if ($type === 'Method') {
                         $req = strtoupper($req);
                     } elseif ($type === 'Headers') {
-                        // ucwords
                         $req = static::headerize($req);
                     }
                     if (in_array($req, $this->cors[$requestHeaderField])) {
@@ -222,13 +221,17 @@ class Cors extends ActionFilter
     /**
      * Convert any string (including php headers with HTTP prefix) to header format like :
      *  * X-PINGOTHER -> X-Pingother
-     *  * HTTP_X_PINGOTHER -> X-Pingother
+     *  * X_PINGOTHER -> X-Pingother
      * @param string $string string to convert
      * @return string the result in "header" format
      */
     protected static function headerize($string)
     {
-        return str_replace(' ', '-', ucwords(strtolower(str_replace(['_', '-'], [' ', ' '], $string))));
+        $headers = preg_split("/[\s,]+/", $string, -1, PREG_SPLIT_NO_EMPTY);
+        $headers = array_map(function($element) {
+            return str_replace(' ', '-', ucwords(strtolower(str_replace(['_', '-'], [' ', ' '], $element))));
+        }, $headers);
+        return implode(', ', $headers);
     }
 
     /**