also allow authorization header

author: Bernhard Posselt <nukeawhale@gmail.com> 2013-08-28 23:50:59 +0200
committer: Bernhard Posselt <nukeawhale@gmail.com> 2013-08-28 23:50:59 +0200
commit: dec43f5e77dc34f71879a40839ac6f7ffe369c13 (patch)
tree: 1091cc97988b24fd56fab16654f1a1da357c7d20
parent: 47436cd007694492ac0ab9530e33f890189d54b9 (diff)
2 files changed, 2 insertions, 0 deletions
diff --git a/external/newsapi.php b/external/newsapi.php
index 7e8d901d0..07c2db43d 100644
--- a/external/newsapi.php
+++ b/external/newsapi.php
@@ -82,6 +82,7 @@ class NewsAPI extends Controller {
 		$response->addHeader('Access-Control-Allow-Origin', '*');
 		$response->addHeader('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE');
 		$response->addHeader('Access-Control-Allow-Credentials', 'true');
+		$response->addHeader('Access-Control-Allow-Headers', 'Authorization');
 		$response->addHeader('Access-Control-Max-Age', '1728000');
 		return $response;
 	}
diff --git a/tests/unit/external/NewsAPITest.php b/tests/unit/external/NewsAPITest.php
index 8fbb3eea9..2bc649c1c 100644
--- a/tests/unit/external/NewsAPITest.php
+++ b/tests/unit/external/NewsAPITest.php
@@ -106,6 +106,7 @@ class NewsAPITest extends ControllerTestUtility {
 		$this->assertEquals('*', $headers['Access-Control-Allow-Origin']);
 		$this->assertEquals('PUT, POST, GET, DELETE', $headers['Access-Control-Allow-Methods']);
 		$this->assertEquals('true', $headers['Access-Control-Allow-Credentials']);
+		$this->assertEquals('Authorization', $headers['Access-Control-Allow-Headers']);
 		$this->assertEquals('1728000', $headers['Access-Control-Max-Age']);
 	}
author	Bernhard Posselt <nukeawhale@gmail.com>	2013-08-28 23:50:59 +0200
committer	Bernhard Posselt <nukeawhale@gmail.com>	2013-08-28 23:50:59 +0200
commit	dec43f5e77dc34f71879a40839ac6f7ffe369c13 (patch)
tree	1091cc97988b24fd56fab16654f1a1da357c7d20
parent	47436cd007694492ac0ab9530e33f890189d54b9 (diff)