From 60702faa57d46af7109706bba9b1c1ad84644555 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20Mart=C3=ADn?=
Date: Thu, 10 Jan 2019 15:55:08 +0100
Subject: [PATCH] adding Authorization to Access-Control-Allow-Headers
---
 app/middlewares/cors.js | 2 +-
 test/acceptance/app-configuration.js | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/app/middlewares/cors.js b/app/middlewares/cors.js
index 7f0ee42a..286ced9c 100644
--- a/app/middlewares/cors.js
+++ b/app/middlewares/cors.js
@@ -2,7 +2,7 @@ module.exports = function cors(extraHeaders) {
 return function(req, res, next) {
- var baseHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token';
+ var baseHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization';
 if(extraHeaders) {
 baseHeaders += ', ' + extraHeaders;
diff --git a/test/acceptance/app-configuration.js b/test/acceptance/app-configuration.js
index f7bf847b..418ccd35 100644
--- a/test/acceptance/app-configuration.js
+++ b/test/acceptance/app-configuration.js
@@ -60,7 +60,8 @@ describe('app-configuration', function() {
 method: 'GET'
 }, RESPONSE_OK, function(err, res) {
 assert.equal(
- res.headers['access-control-allow-headers'], 'X-Requested-With, X-Prototype-Version, X-CSRF-Token'
+ res.headers['access-control-allow-headers'],
+ 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
 );
 assert.equal(res.headers['access-control-allow-origin'], '*');
 done();
@@ -76,7 +77,8 @@ describe('app-configuration', function() {
 }, RESPONSE_OK, function(err, res) {
 assert.equal(res.body, '');
 assert.equal(
- res.headers['access-control-allow-headers'], 'X-Requested-With, X-Prototype-Version, X-CSRF-Token'
+ res.headers['access-control-allow-headers'],
+ 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
 );
 assert.equal(res.headers['access-control-allow-origin'], '*');
 done();
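Review bot: The `baseHeaders` line needs a comment recording that `Authorization` is now allowed for every origin, since the acceptance tests in this same patch assert `access-control-allow-origin: '*'` alongside it. That pairing is sound only while callers authenticate with a token the calling script supplies itself and responses never carry `Access-Control-Allow-Credentials: true`. Browsers refuse the wildcard origin for credentialed requests, so the regression to guard against is a later change that echoes the request `Origin` and turns credentials on. The body of `cors` continues outside the hunk, so whether it sets either header is not visible here. Suggested comment: `// Authorization is allowed for any origin: keep Allow-Credentials off and never echo the request Origin here`.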
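Review bot: None of the updated assertions checks that `access-control-allow-credentials` is absent, which is the property that keeps `Authorization` together with `access-control-allow-origin: '*'` safe. After the origin assertion in each callback I would add `assert.equal(res.headers['access-control-allow-credentials'], undefined);`, which assumes the harness leaves an unset header as `undefined`. The same applies to the hunks at -76 and -158. The expected header string is also repeated three times, once with double quotes, so a shared constant at the top of the `describe` would keep the three in step. The `describe` block starts and ends outside these hunks.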
@@ -158,7 +160,7 @@ describe('app-configuration', function() {
 assert.equal(res.headers['access-control-allow-origin'], '*');
 assert.equal(
 res.headers['access-control-allow-headers'],
- "X-Requested-With, X-Prototype-Version, X-CSRF-Token"
+ "X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization"
 );
 done();
 });