wikimedia · gwicke · Oct 20, 2016 · Oct 18, 2016 · Oct 19, 2016 · Oct 19, 2016
diff --git a/lib/security_response_header_filter.js b/lib/security_response_header_filter.js
@@ -59,7 +59,8 @@ module.exports = function addCSPHeaders(hyper, req, next, options) {
         // Set up basic CORS headers
         rh['access-control-allow-origin'] = '*';
         rh['access-control-allow-methods'] = 'GET';
-        rh['access-control-allow-headers'] = 'accept, content-type';
+        rh['access-control-allow-headers'] =
+            'accept, accept-encoding, accept-language, content-type';
         rh['access-control-expose-headers'] = 'etag';
 
         // Set up security headers

diff --git a/test/features/pagecontent/pagecontent.js b/test/features/pagecontent/pagecontent.js
@@ -22,7 +22,8 @@ describe('item requests', function() {
             assert.deepEqual(res.status, 200);
             assert.deepEqual(res.headers['access-control-allow-origin'], '*');
             assert.deepEqual(res.headers['access-control-allow-methods'], 'GET');
-            assert.deepEqual(res.headers['access-control-allow-headers'], 'accept, content-type');
+            assert.deepEqual(res.headers['access-control-allow-headers'],
+                'accept, accept-encoding, accept-language, content-type');
             assert.deepEqual(res.headers['access-control-expose-headers'], 'etag');
         });
     });

diff --git a/test/features/pagecontent/redirects.js b/test/features/pagecontent/redirects.js
@@ -106,7 +106,7 @@ describe('Redirects', function() {
 
     it('should append ?redirect=false to self-redirecting pages', function() {
         return preq.get({
-            uri: server.config.bucketURL + '/html/User:Pchelolo%2FSelf_Redirect',
+            uri: server.config.labsBucketURL + '/html/User:Pchelolo%2FSelf_Redirect',
             followRedirect: false
         })
         .then(function(res) {