Add 'Accept' to default header per #2855

API.md

@@ -2110,7 +2110,7 @@ following options:
       ('Access-Control-Max-Age'). The greater the value, the longer it will take before the
       browser checks for changes in policy. Defaults to `86400` (one day).
     - `headers` - a strings array of allowed headers ('Access-Control-Allow-Headers').
-      Defaults to `['Authorization', 'Content-Type', 'If-None-Match']`.
+      Defaults to `['Accept', 'Authorization', 'Content-Type', 'If-None-Match']`.
     - `additionalHeaders` - a strings array of additional headers to `headers`. Use this to
       keep the default headers in place.
     - `exposedHeaders` - a strings array of exposed headers

lib/defaults.js

@@ -82,6 +82,7 @@ exports.cors = {
     origin: ['*'],
     maxAge: 86400,                                  // One day
     headers: [
+        'Accept',
         'Authorization',
         'Content-Type',
         'If-None-Match'

test/cors.js

@@ -527,7 +527,7 @@ describe('CORS', function () {
             }, function (res) {
 
                 expect(res.statusCode).to.equal(200);
-                expect(res.headers['access-control-allow-headers']).to.equal('Authorization,Content-Type,If-None-Match');
+                expect(res.headers['access-control-allow-headers']).to.equal('Accept,Authorization,Content-Type,If-None-Match');
                 done();
             });
         });