X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/f15c51d123da2db1deeeb0e76685cf17eb56e039..5d5af52a33ec8b10a9af6afd50141db3923441ec:/services/api/app/controllers/application_controller.rb?ds=sidebyside

diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb
index 649aa2b0df..c94ce89395 100644
--- a/services/api/app/controllers/application_controller.rb
+++ b/services/api/app/controllers/application_controller.rb
@@ -402,7 +402,7 @@ class ApplicationController < ActionController::Base
   def set_cors_headers
     response.headers['Access-Control-Allow-Origin'] = '*'
     response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE'
-    response.headers['Access-Control-Allow-Headers'] = 'Authorization'
+    response.headers['Access-Control-Allow-Headers'] = 'Authorization, Content-Type'
     response.headers['Access-Control-Max-Age'] = '86486400'
   end