From aed2ada774adb4dda55266ec1b0620aa861d93e7 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Wed, 20 Oct 2021 23:06:07 +0200
Subject: mod_http_file_share: Allow 'Authorization' header via CORS (thanks
 kawaii)

Can't find anything saying anything on whether this is needed or not.
kawaii reported that both Chrome and Firefox complained unless the
header was added to the list of allowed headers.
---
 plugins/mod_http_file_share.lua | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua
index b05dd742..c67a1649 100644
--- a/plugins/mod_http_file_share.lua
+++ b/plugins/mod_http_file_share.lua
@@ -584,6 +584,9 @@ module:provides("http", {
 		streaming_uploads = true;
 		cors = {
 			credentials = true;
+			headers = {
+				Authorization = true;
+			};
 		};
 		route = {
 			["PUT /*"] = handle_upload;
-- 
cgit v1.2.3