From 80100f9769bdbc0a77878bb738178102e320222a Mon Sep 17 00:00:00 2001 From: Pawan Rawal Date: Fri, 15 Jan 2021 17:14:20 +0530 Subject: [PATCH] fix(dgraph): Add X-Dgraph-AuthToken to list of access control allowed headers Fixes GRAPHQL-928 This would allow the user to do schema alter operations from the browser when they have Poor Man's auth enabled on Alpha. (cherry picked from commit 4b3b2d93468205a555f051dfc93018b06b78baac) --- x/x.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x/x.go b/x/x.go index 3776deecba3..1ac7302085e 100644 --- a/x/x.go +++ b/x/x.go @@ -123,7 +123,7 @@ const ( // bulk load. GroupIdFileName = "group_id" - AccessControlAllowedHeaders = "X-Dgraph-AccessToken, " + + AccessControlAllowedHeaders = "X-Dgraph-AccessToken, X-Dgraph-AuthToken, " + "Content-Type, Content-Length, Accept-Encoding, Cache-Control, " + "X-CSRF-Token, X-Auth-Token, X-Requested-With" DgraphCostHeader = "Dgraph-TouchedUids"