From e1d9982c7b463b173cc8c261f61a9447ace62898 Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Sun, 6 Nov 2022 09:31:13 -0600 Subject: graphql: T4803: allow 'Authorization' header in CORS middleware --- src/services/vyos-http-api-server | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server index 3c390d9dc..60ea9a5ee 100755 --- a/src/services/vyos-http-api-server +++ b/src/services/vyos-http-api-server @@ -659,10 +659,18 @@ def graphql_init(fast_api_app): if app.state.vyos_origins: origins = app.state.vyos_origins - app.add_route('/graphql', CORSMiddleware(GraphQL(schema, context_value=get_user_context, debug=True, introspection=in_spec), allow_origins=origins, allow_methods=("GET", "POST", "OPTIONS"))) + app.add_route('/graphql', CORSMiddleware(GraphQL(schema, + context_value=get_user_context, + debug=True, + introspection=in_spec), + allow_origins=origins, + allow_methods=("GET", "POST", "OPTIONS"), + allow_headers=("Authorization",))) else: - app.add_route('/graphql', GraphQL(schema, context_value=get_user_context, debug=True, introspection=in_spec)) - + app.add_route('/graphql', GraphQL(schema, + context_value=get_user_context, + debug=True, + introspection=in_spec)) ### if __name__ == '__main__': -- cgit v1.2.3