Implement failover when server does not allow setting the Authorized-…

…header (CORS)

src/http-api.js

@@ -408,25 +408,42 @@ module.exports.MatrixHttpApi.prototype = {
             }
         }
 
-        const request_promise = this.request(
-            callback, method, path, queryParams, data, opts,
-        );
-
         const self = this;
-        request_promise.catch(function(err) {
-            if (err.errcode == 'M_UNKNOWN_TOKEN') {
+        let requestPromise = null;
+        if (this.authorization_header_supported === undefined) {
+            requestPromise = this.request(
+                callback, method, path, queryParams, data, opts,
+            ).then((ret) => {
+                self.authorization_header_supported = true;
+                return ret;
+            }).catch((err) => {
                 if (self.authorization_header_supported === undefined) {
                     self.authorization_header_supported = false;
+                    delete opts.headers.Authorization;
                     return self.authedRequest(
-                        callback, method, path, queryParams, data, opts);
+                        callback, method, path, queryParams, data, opts,
+                    ).then((ret) => {
+                       return ret;
+                    });
                 }
+            });
+        }
+
+        if (requestPromise == null) {
+            requestPromise = this.request(
+                callback, method, path, queryParams, data, opts,
+            );
+        }
+
+        requestPromise.catch(function(err) {
+            if (err.errcode == 'M_UNKNOWN_TOKEN') {
                 self.event_emitter.emit("Session.logged_out");
             }
         });
 
         // return the original promise, otherwise tests break due to it having to
         // go around the event loop one more time to process the result of the request
-        return request_promise;
+        return requestPromise;
     },
 
     /**