authorization: allow auth related CORS Headers

Allow Authorization, X-Api-Key, and X-Access-Token headers when CORS is enabled. Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-04-18 07:30:14 -04:00 · 2021-04-18 07:30:14 -04:00 · 4e0e223599
parent 7eba8e58e3
commit 4e0e223599
1 changed files with 2 additions and 1 deletions
--- a/moonraker/components/authorization.py
+++ b/moonraker/components/authorization.py
@ -487,7 +487,8 @@ class Authorization:
        request.set_header(
            "Access-Control-Allow-Headers",
            "Origin, Accept, Content-Type, X-Requested-With, "
-            "X-CRSF-Token")
+            "X-CRSF-Token, Authorization, X-Access-Token, "
+            "X-Api-Key")

    def close(self):
        self.prune_handler.stop()