fix(cors): allow authorization header

Author: coderbyheart

src/corsHeaders.spec.ts

@@ -12,7 +12,8 @@ void describe('corsHeaders()', () => {
 			}),
 			{
 				'Access-Control-Allow-Credentials': true,
-				'Access-Control-Allow-Headers': 'content-type, accept, if-match',
+				'Access-Control-Allow-Headers':
+					'content-type, accept, if-match, authorization',
 				'Access-Control-Expose-Headers':
 					'x-amzn-requestid, etag, apigw-requestid',
 				'Access-Control-Allow-Methods': 'PUT, DELETE, POST, GET, PATCH',

src/corsHeaders.ts

@@ -33,7 +33,8 @@ export const corsHeaders = (
 	'Access-Control-Allow-Credentials': true,
 	'Access-Control-Allow-Origin': origin({ headers }),
 	'Access-Control-Allow-Methods': allowedMethods.join(', '),
-	'Access-Control-Allow-Headers': 'content-type, accept, if-match',
+	'Access-Control-Allow-Headers':
+		'content-type, accept, if-match, authorization',
 	'Access-Control-Expose-Headers': 'x-amzn-requestid, etag, apigw-requestid',
 	'Access-Control-Max-Age': cacheForSeconds,
 	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin#cors_and_caching