adding Authorization to Access-Control-Allow-Headers

app/middlewares/cors.js

@@ -2,7 +2,7 @@
 
 module.exports = function cors(extraHeaders) {
     return function(req, res, next) {
-        var baseHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token';
+        var baseHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization';
 
         if(extraHeaders) {
             baseHeaders += ', ' + extraHeaders;

test/acceptance/app-configuration.js

@@ -60,7 +60,8 @@ describe('app-configuration', function() {
             method: 'GET'
         }, RESPONSE_OK, function(err, res) {
             assert.equal(
-                res.headers['access-control-allow-headers'], 'X-Requested-With, X-Prototype-Version, X-CSRF-Token'
+                res.headers['access-control-allow-headers'],
+                'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
             );
             assert.equal(res.headers['access-control-allow-origin'], '*');
             done();
@@ -76,7 +77,8 @@ describe('app-configuration', function() {
         }, RESPONSE_OK, function(err, res) {
             assert.equal(res.body, '');
             assert.equal(
-                res.headers['access-control-allow-headers'], 'X-Requested-With, X-Prototype-Version, X-CSRF-Token'
+                res.headers['access-control-allow-headers'],
+                'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
             );
             assert.equal(res.headers['access-control-allow-origin'], '*');
             done();
@@ -158,7 +160,7 @@ describe('app-configuration', function() {
             assert.equal(res.headers['access-control-allow-origin'], '*');
             assert.equal(
                 res.headers['access-control-allow-headers'],
-                "X-Requested-With, X-Prototype-Version, X-CSRF-Token"
+                "X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization"
             );
             done();
         });