driver: Add "Content-Type" to default allowed cors headers

Closes #1421
ory · May 6, 2019 · 45bd863 · 45bd863
1 parent fa10d9d
commit 45bd863
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/driver/configuration/provider_viper.go b/driver/configuration/provider_viper.go
@@ -156,7 +156,7 @@ func (v *ViperProvider) CORSOptions(iface string) cors.Options {
 	return cors.Options{
 		AllowedOrigins:     viperx.GetStringSlice(v.l, "serve."+iface+".cors.allowed_origins", []string{}, "CORS_ALLOWED_ORIGINS"),
 		AllowedMethods:     viperx.GetStringSlice(v.l, "serve."+iface+".cors.allowed_methods", []string{"GET", "POST", "PUT", "PATCH", "DELETE"}, "CORS_ALLOWED_METHODS"),
-		AllowedHeaders:     viperx.GetStringSlice(v.l, "serve."+iface+".cors.allowed_headers", []string{"Authorization"}, "CORS_ALLOWED_HEADERS"),
+		AllowedHeaders:     viperx.GetStringSlice(v.l, "serve."+iface+".cors.allowed_headers", []string{"Authorization", "Content-Type"}, "CORS_ALLOWED_HEADERS"),
 		ExposedHeaders:     viperx.GetStringSlice(v.l, "serve."+iface+".cors.exposed_headers", []string{"Content-Type"}, "CORS_EXPOSED_HEADERS"),
 		AllowCredentials:   viperx.GetBool(v.l, "serve."+iface+".cors.allow_credentials", true, "CORS_ALLOWED_CREDENTIALS"),
 		OptionsPassthrough: viperx.GetBool(v.l, "serve."+iface+".cors.options_passthrough", false),