From 6b51e7196c02bc906e3008a76efb7402555ef83e Mon Sep 17 00:00:00 2001
From: Derrick Hammer <derrick@derrickhammer.com>
Date: Mon, 18 Mar 2024 14:16:04 -0400
Subject: [PATCH] fix: need to whitelist Authorization and Content-Type headers

---
 api/s5/s5.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/api/s5/s5.go b/api/s5/s5.go
index 12604a6..e67fb85 100644
--- a/api/s5/s5.go
+++ b/api/s5/s5.go
@@ -184,6 +184,7 @@ func (s *S5API) Routes() (*httprouter.Router, error) {
 			return true
 		},
 		AllowedMethods: []string{"POST"},
+		AllowedHeaders: []string{"Authorization", "Content-Type"},
 	})
 
 	routes := map[string]jape.Handler{