Merge pull request #557 from CartoDB/cors-authorization-headers

adding Authorization to Access-Control-Allow-Headers
This commit is contained in:
Alberto Romeu 2019-01-11 12:07:05 +01:00 committed by GitHub
commit 2a9b1c8457
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 4 deletions

View File

@ -11,6 +11,8 @@ Announcements:
* Consider cancelled queries as platform limits.
* Report fine-grained Garbage Collector stats
* Both query endpoints as the same one in rate limits terms
* Adding Authorization to Access-Control-Allow-Headers (https://github.com/CartoDB/CartoDB-SQL-API/issues/534)
## 2.3.1
Released 2018-12-23

View File

@ -2,7 +2,7 @@
module.exports = function cors(extraHeaders) {
return function(req, res, next) {
var baseHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token';
var baseHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization';
if(extraHeaders) {
baseHeaders += ', ' + extraHeaders;

View File

@ -60,7 +60,8 @@ describe('app-configuration', function() {
method: 'GET'
}, RESPONSE_OK, function(err, res) {
assert.equal(
res.headers['access-control-allow-headers'], 'X-Requested-With, X-Prototype-Version, X-CSRF-Token'
res.headers['access-control-allow-headers'],
'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
);
assert.equal(res.headers['access-control-allow-origin'], '*');
done();
@ -76,7 +77,8 @@ describe('app-configuration', function() {
}, RESPONSE_OK, function(err, res) {
assert.equal(res.body, '');
assert.equal(
res.headers['access-control-allow-headers'], 'X-Requested-With, X-Prototype-Version, X-CSRF-Token'
res.headers['access-control-allow-headers'],
'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
);
assert.equal(res.headers['access-control-allow-origin'], '*');
done();
@ -158,7 +160,7 @@ describe('app-configuration', function() {
assert.equal(res.headers['access-control-allow-origin'], '*');
assert.equal(
res.headers['access-control-allow-headers'],
"X-Requested-With, X-Prototype-Version, X-CSRF-Token"
"X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization"
);
done();
});