Allow metrics custom headers in cors

lib/api/middlewares/cors.js

@@ -6,7 +6,10 @@ module.exports = function cors () {
             'X-Requested-With',
             'X-Prototype-Version',
             'X-CSRF-Token',
-            'Authorization'
+            'Authorization',
+            'Carto-Source-Lib',
+            'Carto-Source-Context',
+            'Carto-Source-Context-Id'
         ];
 
         if (req.method === 'OPTIONS') {

test/acceptance/ported/attributes-test.js

@@ -42,7 +42,8 @@ describe('attributes', function () {
     function checkCORSHeaders (res) {
         assert.strictEqual(
             res.headers['access-control-allow-headers'],
-            'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
+            'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
+            'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id'
         );
         assert.strictEqual(res.headers['access-control-allow-origin'], '*');
     }

test/acceptance/ported/multilayer-test.js

@@ -27,7 +27,8 @@ describe('multilayer', function () {
     function checkCORSHeaders (res) {
         assert.strictEqual(
             res.headers['access-control-allow-headers'],
-            'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
+            'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
+            'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id'
         );
         assert.strictEqual(res.headers['access-control-allow-origin'], '*');
     }
@@ -1032,7 +1033,8 @@ describe('multilayer', function () {
     /// /////////////////////////////////////////////////////////////////
 
     it('geting options on layergroup should return CORS headers', function (done) {
-        const allowHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, Content-Type';
+        const allowHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
+                                'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id, Content-Type';
         assert.response(server, {
             url: '/api/v1/map',
             method: 'OPTIONS'

test/acceptance/ported/raster-test.js

@@ -19,7 +19,8 @@ describe('raster', function () {
     function checkCORSHeaders (res) {
         assert.strictEqual(
             res.headers['access-control-allow-headers'],
-            'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
+            'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
+            'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id'
         );
         assert.strictEqual(res.headers['access-control-allow-origin'], '*');
     }

test/acceptance/ported/torque-test.js

@@ -30,7 +30,8 @@ describe('torque', function () {
     function checkCORSHeaders (res) {
         assert.strictEqual(
             res.headers['access-control-allow-headers'],
-            'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization'
+            'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
+            'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id'
         );
         assert.strictEqual(res.headers['access-control-allow-origin'], '*');
     }

test/acceptance/templates-test.js

@@ -303,7 +303,8 @@ describe('template_api', function () {
             assert.response(server, postRequest, {}, function (res) { next(null, res); });
         },
         function testCORS () {
-            const allowHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, Content-Type';
+            const allowHeaders = 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Authorization, ' +
+                                    'Carto-Source-Lib, Carto-Source-Context, Carto-Source-Context-Id, Content-Type';
             assert.response(server, {
                 url: '/api/v1/map/named/acceptance1',
                 method: 'OPTIONS'