From a51efa5accb0d2d025b845fca54835bdecba28e2 Mon Sep 17 00:00:00 2001 From: Min RK Date: Wed, 14 Dec 2016 10:44:30 +0100 Subject: [PATCH] add Authorization to allowed CORS headers so that CORS requests can be token-authenticated --- notebook/base/handlers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notebook/base/handlers.py b/notebook/base/handlers.py index 3ab515c610..5ef320b139 100755 --- a/notebook/base/handlers.py +++ b/notebook/base/handlers.py @@ -416,7 +416,7 @@ def finish(self, *args, **kwargs): return super(APIHandler, self).finish(*args, **kwargs) def options(self, *args, **kwargs): - self.set_header('Access-Control-Allow-Headers', 'accept, content-type') + self.set_header('Access-Control-Allow-Headers', 'accept, content-type, authorization') self.set_header('Access-Control-Allow-Methods', 'GET, PUT, POST, PATCH, DELETE, OPTIONS') self.finish()