How to CORS Allow Headers in Sails

Question

I want my server to allow 'Authorization' header for my mobile app. Currently my webserver is in sails and I use sails. My routes code is

'post /auth/local' : {
    cors: {
       origin: '*'    
    },
    controller: 'AuthController',
    action: 'callback'
},

When my client sends a request with 'Authorization' in header I get error

XMLHttpRequest cannot load http://localhost:1337/auth/local. 
Request header field Authorization is not allowed by Access-Control-Allow-Headers.

How do I specify in my routes code that 'Authorization' header is also allowed?

Answer 1

Add headers : 'Content-Type, Authorization' to cors object, like example below:

'post /auth/local' : {
    cors: {
       origin: '*',
       headers: 'Content-Type, Authorization'  
    },
    controller: 'AuthController',
    action: 'callback'
},

headers: Comma-delimited list of headers that are allowed to be sent with CORS requests. This is only used in response to preflight requests.

Source: Sails CORS Config

Notice that Content-Type is also required due is the default value of that property and is required for POST and PUT methods.