From 4e0e2235990fbdb2d1e75e664f133ac9b51fc9cb Mon Sep 17 00:00:00 2001
From: Arksine <9563098+Arksine@users.noreply.github.com>
Date: Sun, 18 Apr 2021 07:30:14 -0400
Subject: [PATCH] authorization: allow auth related CORS Headers

Allow Authorization, X-Api-Key, and X-Access-Token headers when CORS is enabled.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
---
 moonraker/components/authorization.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/moonraker/components/authorization.py b/moonraker/components/authorization.py
index c83b5fc..9f7ef04 100644
--- a/moonraker/components/authorization.py
+++ b/moonraker/components/authorization.py
@@ -487,7 +487,8 @@ class Authorization:
         request.set_header(
             "Access-Control-Allow-Headers",
             "Origin, Accept, Content-Type, X-Requested-With, "
-            "X-CRSF-Token")
+            "X-CRSF-Token, Authorization, X-Access-Token, "
+            "X-Api-Key")
 
     def close(self):
         self.prune_handler.stop()