Merge pull request #557 from CartoDB/cors-authorization-headers
adding Authorization to Access-Control-Allow-Headers
This commit is contained in:
commit
2a9b1c8457
2
NEWS.md
2
NEWS.md
@ -11,6 +11,8 @@ Announcements:
|
||||
* Consider cancelled queries as platform limits.
|
||||
* Report fine-grained Garbage Collector stats
|
||||
* Both query endpoints as the same one in rate limits terms
|
||||
* Adding Authorization to Access-Control-Allow-Headers (https://github.com/CartoDB/CartoDB-SQL-API/issues/534)
|
||||
|
||||
|
||||
## 2.3.1
|
||||
Released 2018-12-23
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
module.exports = function cors(extraHeaders) {
|
||||
return function(req, res, next) {
|
||||
var baseHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token';
|
||||
var baseHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization';
|
||||
|
||||
if(extraHeaders) {
|
||||
baseHeaders += ', ' + extraHeaders;
|
||||
|
@ -60,7 +60,8 @@ describe('app-configuration', function() {
|
||||
method: 'GET'
|
||||
}, RESPONSE_OK, function(err, res) {
|
||||
assert.equal(
|
||||
res.headers['access-control-allow-headers'], 'X-Requested-With, X-Prototype-Version, X-CSRF-Token'
|
||||
res.headers['access-control-allow-headers'],
|
||||
'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
|
||||
);
|
||||
assert.equal(res.headers['access-control-allow-origin'], '*');
|
||||
done();
|
||||
@ -76,7 +77,8 @@ describe('app-configuration', function() {
|
||||
}, RESPONSE_OK, function(err, res) {
|
||||
assert.equal(res.body, '');
|
||||
assert.equal(
|
||||
res.headers['access-control-allow-headers'], 'X-Requested-With, X-Prototype-Version, X-CSRF-Token'
|
||||
res.headers['access-control-allow-headers'],
|
||||
'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
|
||||
);
|
||||
assert.equal(res.headers['access-control-allow-origin'], '*');
|
||||
done();
|
||||
@ -158,7 +160,7 @@ describe('app-configuration', function() {
|
||||
assert.equal(res.headers['access-control-allow-origin'], '*');
|
||||
assert.equal(
|
||||
res.headers['access-control-allow-headers'],
|
||||
"X-Requested-With, X-Prototype-Version, X-CSRF-Token"
|
||||
"X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization"
|
||||
);
|
||||
done();
|
||||
});
|
||||
|
Loading…
Reference in New Issue
Block a user