From ee072b038afc7b75c33ef64e6312d4101c4fca3d Mon Sep 17 00:00:00 2001
From: Ruben Verborgh <ruben@verborgh.org>
Date: Mon, 4 Jan 2021 14:06:02 +0100
Subject: [PATCH] fix: Allow credentials over CORS.

---
 config/presets/middleware.json      | 1 +
 test/integration/Middleware.test.ts | 1 +
 2 files changed, 2 insertions(+)

diff --git a/config/presets/middleware.json b/config/presets/middleware.json
index 380d0e8fed..485c42038e 100644
--- a/config/presets/middleware.json
+++ b/config/presets/middleware.json
@@ -16,6 +16,7 @@
             "PATCH",
             "DELETE"
           ],
+          "CorsHandler:_options_credentials": true,
           "CorsHandler:_options_exposedHeaders": [
             "Location",
             "Updates-Via"
diff --git a/test/integration/Middleware.test.ts b/test/integration/Middleware.test.ts
index f99bac47e0..7398acd26a 100644
--- a/test/integration/Middleware.test.ts
+++ b/test/integration/Middleware.test.ts
@@ -44,6 +44,7 @@ describe('An Express server with middleware', (): void => {
   it('returns CORS headers for an OPTIONS request.', async(): Promise<void> => {
     const res = await request(server)
       .options('/')
+      .set('Access-Control-Allow-Credentials', 'true')
       .set('Access-Control-Request-Headers', 'content-type')
       .set('Access-Control-Request-Method', 'POST')
       .set('Host', 'test.com')