From 3b50ae9b45815b568a68b3669a5e7c8ec536dba8 Mon Sep 17 00:00:00 2001
From: Christoph <cschwentker@gmail.com>
Date: Fri, 20 Oct 2017 12:16:52 +0200
Subject: [PATCH 1/2] Add Authorization Bearer to allowed Headers

This should hopefully fix https://github.com/RocketChat/Rocket.Chat/issues/8292
---
 packages/rocketchat-api/server/api.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/rocketchat-api/server/api.js b/packages/rocketchat-api/server/api.js
index 1f0ee1a669e9..54c77bc0bdb7 100644
--- a/packages/rocketchat-api/server/api.js
+++ b/packages/rocketchat-api/server/api.js
@@ -34,7 +34,7 @@ class API extends Restivus {
 				if (RocketChat.settings.get('API_Enable_CORS') === true) {
 					this.response.writeHead(200, {
 						'Access-Control-Allow-Origin': RocketChat.settings.get('API_CORS_Origin'),
-						'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, X-User-Id, X-Auth-Token'
+						'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, X-User-Id, X-Auth-Token, Authorization: Bearer'
 					});
 				} else {
 					this.response.writeHead(405);

From cf7777daa692bb8788d0a1988d3d5a9541b8bb42 Mon Sep 17 00:00:00 2001
From: Christoph <cschwentker@gmail.com>
Date: Tue, 7 Nov 2017 22:36:35 +0100
Subject: [PATCH 2/2] Only add Authorization

---
 packages/rocketchat-api/server/api.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/rocketchat-api/server/api.js b/packages/rocketchat-api/server/api.js
index 54c77bc0bdb7..702b687c0a27 100644
--- a/packages/rocketchat-api/server/api.js
+++ b/packages/rocketchat-api/server/api.js
@@ -34,7 +34,7 @@ class API extends Restivus {
 				if (RocketChat.settings.get('API_Enable_CORS') === true) {
 					this.response.writeHead(200, {
 						'Access-Control-Allow-Origin': RocketChat.settings.get('API_CORS_Origin'),
-						'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, X-User-Id, X-Auth-Token, Authorization: Bearer'
+						'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, X-User-Id, X-Auth-Token, Authorization'
 					});
 				} else {
 					this.response.writeHead(405);