From 4bd67d5f9872e417c5c31a036e6774138412faa6 Mon Sep 17 00:00:00 2001
From: Alejandro Celaya <alejandro@alejandrocelaya.com>
Date: Sat, 27 Aug 2016 13:00:41 +0200
Subject: [PATCH] Fixed cross domain middleware not exposing the Authorization
 header

---
 module/Rest/src/Middleware/CrossDomainMiddleware.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/module/Rest/src/Middleware/CrossDomainMiddleware.php b/module/Rest/src/Middleware/CrossDomainMiddleware.php
index 4327df9e..d6b84d5b 100644
--- a/module/Rest/src/Middleware/CrossDomainMiddleware.php
+++ b/module/Rest/src/Middleware/CrossDomainMiddleware.php
@@ -41,7 +41,8 @@ class CrossDomainMiddleware implements MiddlewareInterface
         }
 
         // Add Allow-Origin header
-        $response = $response->withHeader('Access-Control-Allow-Origin', $request->getHeader('Origin'));
+        $response = $response->withHeader('Access-Control-Allow-Origin', $request->getHeader('Origin'))
+                             ->withHeader('Access-Control-Expose-Headers', 'Authorization');
         if ($request->getMethod() !== 'OPTIONS') {
             return $response;
         }