From d861236f4439b24c30eea339b97a4d3877b07308 Mon Sep 17 00:00:00 2001 From: Matteo Pagliazzi Date: Sun, 12 Jul 2020 18:22:52 +0200 Subject: [PATCH] fix(cors): allow authorization header --- test/api/unit/middlewares/cors.test.js | 4 ++-- website/server/middlewares/cors.js | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/api/unit/middlewares/cors.test.js b/test/api/unit/middlewares/cors.test.js index 9b2c568bf1..ddcd729fbe 100644 --- a/test/api/unit/middlewares/cors.test.js +++ b/test/api/unit/middlewares/cors.test.js @@ -21,7 +21,7 @@ describe('cors middleware', () => { expect(res.set).to.have.been.calledWith({ 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Methods': 'OPTIONS,GET,POST,PUT,HEAD,DELETE', - 'Access-Control-Allow-Headers': 'Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client', + 'Access-Control-Allow-Headers': 'Authorization,Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client', }); expect(res.sendStatus).to.not.have.been.called; expect(next).to.have.been.calledOnce; @@ -33,7 +33,7 @@ describe('cors middleware', () => { expect(res.set).to.have.been.calledWith({ 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Methods': 'OPTIONS,GET,POST,PUT,HEAD,DELETE', - 'Access-Control-Allow-Headers': 'Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client', + 'Access-Control-Allow-Headers': 'Authorization,Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client', }); expect(res.sendStatus).to.have.been.calledWith(200); expect(next).to.not.have.been.called; diff --git a/website/server/middlewares/cors.js b/website/server/middlewares/cors.js index 82845f201d..5d20f5f15e 100644 --- a/website/server/middlewares/cors.js +++ b/website/server/middlewares/cors.js @@ -2,7 +2,7 @@ export default function corsMiddleware (req, res, next) { res.set({ 'Access-Control-Allow-Origin': req.header('origin') || '*', 'Access-Control-Allow-Methods': 'OPTIONS,GET,POST,PUT,HEAD,DELETE', - 'Access-Control-Allow-Headers': 'Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client', + 'Access-Control-Allow-Headers': 'Authorization,Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client', }); if (req.method === 'OPTIONS') return res.sendStatus(200); return next();