From d053d8ae4800b67bf9ae64b8a0536ce5d82f301d Mon Sep 17 00:00:00 2001
From: Livio Amstutz <livio.a@gmail.com>
Date: Mon, 24 Aug 2020 16:06:49 +0200
Subject: [PATCH] fix: add authorization to cors

---
 pkg/op/op.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/op/op.go b/pkg/op/op.go
index 1812a10..fda9315 100644
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@@ -44,7 +44,11 @@ func CreateRouter(o OpenIDProvider, h HttpInterceptor) *mux.Router {
 		h = DefaultInterceptor
 	}
 	router := mux.NewRouter()
-	router.Use(handlers.CORS(handlers.AllowedOriginValidator(allowAllOrigins), handlers.AllowedHeaders([]string{"content-type"})))
+	router.Use(handlers.CORS(
+		handlers.AllowCredentials(),
+		handlers.AllowedHeaders([]string{"authorization", "content-type"}),
+		handlers.AllowedOriginValidator(allowAllOrigins),
+	))
 	router.HandleFunc(healthzEndpoint, Healthz)
 	router.HandleFunc(readinessEndpoint, o.HandleReady)
 	router.HandleFunc(oidc.DiscoveryEndpoint, o.HandleDiscovery)