Cors authorization header

[HaceneCo]

Access to XMLHttpRequest at 'http://localhost:3001/api/projects?archive=false&online=false&q=projet' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.

[LoicPoullain]

Hi @HaceneCo

Thanks for reporting this!

I completed the docs to explain how to handle requests with the Authorization header when CORS is enabled.

Feel free to reopen the issue if it does not work.

[AntonioLuisME]

The docs link to "Page not found". Can't find them by searching the docs either. Where are the docs?

[LoicPoullain]

Documentation can be found here: https://foalts.org/docs/security/cors