[bugfix] Add idempotency-key to allowed CORS headers (#1670)

This commit is contained in:
tobi 2023-04-03 12:01:24 +02:00 committed by GitHub
parent 9c209fe6e4
commit b847af1dbd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -54,6 +54,11 @@ func CORS() gin.HandlerFunc {
// needed to pass oauth bearer tokens // needed to pass oauth bearer tokens
"Authorization", "Authorization",
// Some clients require this; see:
// - https://docs.joinmastodon.org/methods/statuses/#headers
// - https://github.com/superseriousbusiness/gotosocial/issues/1664
"Idempotency-Key",
// needed for websocket upgrade requests // needed for websocket upgrade requests
"Upgrade", "Upgrade",
"Sec-WebSocket-Extensions", "Sec-WebSocket-Extensions",