CORS issue when importing a project from bitbucket to gitlab-ce

Summary

When importing a project from Bitbucket, the "import" button spins forever.

The console shows a JavaScript error during an HTTP request:

Failed to load https://bitbucket.org/site/oauth2/authorize?client_id=XXX&redirect_uri=https%3A%2F%2FXXX%2Fimport%2Fbitbucket%2Fcallback&response_type=code: Request header field X-CSRF-Token is not allowed by Access-Control-Allow-Headers in preflight response.

In fact, the request sends an X-CSRF-Token header, whereas Bitbucket allows access-control-allow-headers: Accept, Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, Range, X-Csrftoken, X-Requested-With

Steps to reproduce

  • On gitlab-ce
  • Configure OAuth:
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "bitbucket",
    "app_id" => "XXX",
    "app_secret" => "XXX",
    "url" => "https://bitbucket.org/"
  }
]

What is the current bug behavior?

The "import" button is disabled and a spinning animation runs forever. The project is not imported.

What is the expected correct behavior?

The project is imported

Results of GitLab environment info

Results of GitLab application Check

System information
System:         Debian 8.6
Current User:   git
Using RVM:      no
Ruby Version:   2.3.5p376
Gem Version:    2.6.13
Bundler Version:1.13.7
Rake Version:   12.1.0
Redis Version:  3.2.5
Git Version:    2.13.6
Sidekiq Version:5.0.4
Go Version:     unknown

GitLab information
Version:        10.2.2
Revision:       da70bc4
Directory:      /opt/gitlab/embedded/service/gitlab-rails
DB Adapter:     postgresql
URL:            https://gitlab.mycompany.com
HTTP Clone URL: https://gitlab.mycompany.com/some-group/some-project.git
SSH Clone URL:  git@gitlab.mycompany.com:some-group/some-project.git
Using LDAP:     no
Using Omniauth: yes
Omniauth Providers: bitbucket

GitLab Shell
Version:        5.9.4
Repository storage paths:
- default:      /gitlab-data/repositories
Hooks:          /opt/gitlab/embedded/service/gitlab-shell/hooks
Git:            /opt/gitlab/embedded/bin/git
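
The preflight failure quoted in the summary can be reproduced offline with a simplified model of the browser's header check. This is an added example, not part of the original report and not GitLab or Bitbucket code; the function names are hypothetical, the request header list is a constructed sample, and value restrictions on safelisted headers are ignored.

```javascript
// Simplified model of the CORS preflight check on request header names.
// Names safelisted by the Fetch spec never need to appear in
// Access-Control-Allow-Headers (their value restrictions are ignored here).
const SAFELISTED = new Set([
  "accept", "accept-language", "content-language", "content-type", "range",
]);

// Parse a comma-separated Access-Control-Allow-Headers value into lowercase names.
function parseAllowHeaders(value) {
  return new Set(
    value.split(",").map((name) => name.trim().toLowerCase()).filter(Boolean)
  );
}

// Return the request header names that the preflight response does not permit.
// "*" acts as a wildcard only for requests without credentials, and it
// never covers Authorization.
function blockedHeaders(requestHeaders, allowHeadersValue, withCredentials = false) {
  const allowed = parseAllowHeaders(allowHeadersValue);
  const wildcard = allowed.has("*") && !withCredentials;
  return requestHeaders.filter((name) => {
    const lower = name.toLowerCase();
    if (SAFELISTED.has(lower) || allowed.has(lower)) return false;
    if (wildcard && lower !== "authorization") return false;
    return true; // not safelisted, not listed, not covered by the wildcard
  });
}

// Allow list as quoted in the report.
const BITBUCKET_ALLOW_HEADERS =
  "Accept, Authorization, Content-Type, If-Match, If-Modified-Since, " +
  "If-None-Match, If-Unmodified-Since, Origin, Range, X-Csrftoken, X-Requested-With";

// Constructed sample: X-CSRF-Token comes from the error message;
// X-Requested-With is assumed here as a typical AJAX header.
const sampleRequestHeaders = ["X-CSRF-Token", "X-Requested-With"];

console.log(blockedHeaders(sampleRequestHeaders, BITBUCKET_ALLOW_HEADERS));
```

Matching is case-insensitive but exact on the name, so the listed `X-Csrftoken` does not cover `X-CSRF-Token`.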