Closed jgreben closed 5 years ago
Would like another of @ndushay @jermnelson @jmartin-sul to take a look too.
This is a great idea, and Trellis really should have had the Authorization
header in the CORS defaults to begin with. I've just added a commit to the Trellis master branch to add that. But until the 0.9 release is ready, you'll need to override those values as you're doing here.
if @acoburn says this should make it into the defaults, that's good enough for me =)
Include Authorization as an allowed header (as well as the default header options) in order to allow the editor and other applications to talk to the server from a different origin, as well as passing in the JWT as the auth header.