add Authorization to allowed CORS headers

so that CORS requests can be token-authenticated
9 years ago · a51efa5acc
parent 6ee01644c4
commit a51efa5acc
1 changed files with 1 additions and 1 deletions
--- a/notebook/base/handlers.py
+++ b/notebook/base/handlers.py
@ -416,7 +416,7 @@ class APIHandler(IPythonHandler):
        return super(APIHandler, self).finish(*args, **kwargs)

    def options(self, *args, **kwargs):
-        self.set_header('Access-Control-Allow-Headers', 'accept, content-type')
+        self.set_header('Access-Control-Allow-Headers', 'accept, content-type, authorization')
        self.set_header('Access-Control-Allow-Methods',
                        'GET, PUT, POST, PATCH, DELETE, OPTIONS')
        self.finish()