1 files changed, 5 insertions, 4 deletions

diff --git a/components/script/cors.rs b/components/script/cors.rs
index a4044a52568..cd7d0828564 100644
--- a/components/script/cors.rs
+++ b/components/script/cors.rs
@@ -30,6 +30,7 @@ use hyper::header::{ContentType, Host};
 use hyper::method::Method;
 use hyper::status::StatusClass::Success;
 
+use unicase::UniCase;
 use url::{SchemeData, Url};
 use util::task::spawn_named;
 
@@ -185,10 +186,10 @@ impl CORSRequest {
         // Step 5 - 7
         let mut header_names = vec!();
         for header in self.headers.iter() {
-            header_names.push(header.name().to_ascii_lowercase());
+            header_names.push(header.name().to_owned());
         }
         header_names.sort();
-        preflight.headers.set(AccessControlRequestHeaders(header_names));
+        preflight.headers.set(AccessControlRequestHeaders(header_names.into_iter().map(UniCase).collect()));
 
         // Step 8 unnecessary, we don't use the request body
         // Step 9, 10 unnecessary, we're writing our own fetch code
@@ -446,8 +447,8 @@ fn is_simple_method(m: &Method) -> bool {
 pub fn allow_cross_origin_request(req: &CORSRequest, headers: &Headers) -> bool {
     //FIXME(seanmonstar): use req.headers.get::<AccessControlAllowOrigin>()
     match headers.get() {
-        Some(&AccessControlAllowOrigin::AllowStar) => true, // Not always true, depends on credentials mode
-        Some(&AccessControlAllowOrigin::AllowOrigin(ref url)) =>
+        Some(&AccessControlAllowOrigin::Any) => true, // Not always true, depends on credentials mode
+        Some(&AccessControlAllowOrigin::Value(ref url)) =>
             url.scheme == req.origin.scheme &&
             url.host() == req.origin.host() &&
             url.port() == req.origin.port(),