From 74630ed3a0bd8b25d644b4f0779383daaadff14f Mon Sep 17 00:00:00 2001
From: Catalin Hofnar <catalin.hofnar@gmail.com>
Date: Fri, 12 Aug 2022 11:48:39 +0300
Subject: [PATCH] Added content-type to Access-Control-Allow-Headers needed for
 playground preflight

Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
---
 pkg/api/controller.go      | 2 +-
 pkg/api/controller_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/api/controller.go b/pkg/api/controller.go
index 2f6d4b43..b9f747bd 100644
--- a/pkg/api/controller.go
+++ b/pkg/api/controller.go
@@ -78,7 +78,7 @@ func (c *Controller) CORSHandler(response http.ResponseWriter, request *http.Req
 	}
 
 	response.Header().Set("Access-Control-Allow-Methods", "HEAD,GET,POST,OPTIONS")
-	response.Header().Set("Access-Control-Allow-Headers", "Authorization")
+	response.Header().Set("Access-Control-Allow-Headers", "Authorization,content-type")
 }
 
 func DumpRuntimeParams(log log.Logger) {
diff --git a/pkg/api/controller_test.go b/pkg/api/controller_test.go
index edf0424c..359958f3 100644
--- a/pkg/api/controller_test.go
+++ b/pkg/api/controller_test.go
@@ -269,7 +269,7 @@ func TestHtpasswdSingleCred(t *testing.T) {
 				So(resp, ShouldNotBeNil)
 				So(resp.StatusCode(), ShouldEqual, http.StatusOK)
 
-				header := []string{"Authorization"}
+				header := []string{"Authorization,content-type"}
 
 				resp, _ = resty.R().SetBasicAuth(user, password).Options(baseURL + "/v2/")
 				So(resp, ShouldNotBeNil)