# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1634763967 -7200
# Node ID e080d6aa0b3bde2e6e825f6f37bc212e1e227a2f
# Parent  14a679588b7b55855b6516382b154f1077567e3b
mod_http_file_share: Allow 'Authorization' header via CORS (thanks kawaii)

Can't find anything saying anything on whether this is needed or not.
kawaii reported that both Chrome and Firefox complained unless the
header was added to the list of allowed headers.

diff -r 14a679588b7b -r e080d6aa0b3b plugins/mod_http_file_share.lua
--- a/plugins/mod_http_file_share.lua	Wed Oct 20 17:32:34 2021 +0200
+++ b/plugins/mod_http_file_share.lua	Wed Oct 20 23:06:07 2021 +0200
@@ -584,6 +584,9 @@
 		streaming_uploads = true;
 		cors = {
 			credentials = true;
+			headers = {
+				Authorization = true;
+			};
 		};
 		route = {
 			["PUT /*"] = handle_upload;