From 8db6b7c6cb6f0112db920ca723fdf93e4897d25f Mon Sep 17 00:00:00 2001
From: Blade Barringer <blade@crookedneighbor.com>
Date: Mon, 10 Oct 2016 17:35:00 -0500
Subject: [PATCH] fix(api): Allow x-client to be set in cors middleware (#8117)

* fix(api): Allow x-client to be set in cors middleware

* chore: update cors middlware tests
---
 test/api/v3/unit/middlewares/cors.test.js | 4 ++--
 website/server/middlewares/cors.js        | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/api/v3/unit/middlewares/cors.test.js b/test/api/v3/unit/middlewares/cors.test.js
index 051eada21e..8ece1e9ca2 100644
--- a/test/api/v3/unit/middlewares/cors.test.js
+++ b/test/api/v3/unit/middlewares/cors.test.js
@@ -20,7 +20,7 @@ describe('cors middleware', () => {
     expect(res.set).to.have.been.calledWith({
       'Access-Control-Allow-Origin': '*',
       'Access-Control-Allow-Methods': 'OPTIONS,GET,POST,PUT,HEAD,DELETE',
-      'Access-Control-Allow-Headers': 'Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key',
+      'Access-Control-Allow-Headers': 'Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client',
     });
     expect(res.sendStatus).to.not.have.been.called;
     expect(next).to.have.been.called.once;
@@ -32,7 +32,7 @@ describe('cors middleware', () => {
     expect(res.set).to.have.been.calledWith({
       'Access-Control-Allow-Origin': '*',
       'Access-Control-Allow-Methods': 'OPTIONS,GET,POST,PUT,HEAD,DELETE',
-      'Access-Control-Allow-Headers': 'Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key',
+      'Access-Control-Allow-Headers': 'Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client',
     });
     expect(res.sendStatus).to.have.been.calledWith(200);
     expect(next).to.not.have.been.called;
diff --git a/website/server/middlewares/cors.js b/website/server/middlewares/cors.js
index c249c183c6..3c0452c62c 100644
--- a/website/server/middlewares/cors.js
+++ b/website/server/middlewares/cors.js
@@ -2,7 +2,7 @@ module.exports = function corsMiddleware (req, res, next) {
   res.set({
     'Access-Control-Allow-Origin': req.header('origin') || '*',
     'Access-Control-Allow-Methods': 'OPTIONS,GET,POST,PUT,HEAD,DELETE',
-    'Access-Control-Allow-Headers': 'Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key',
+    'Access-Control-Allow-Headers': 'Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client',
   });
   if (req.method === 'OPTIONS') return res.sendStatus(200);
   return next();