Add "Authorization" in the list of Cors allowed headers (#4249)

CHANGES_NEXT_RELEASE

@@ -9,3 +9,4 @@
 - Deprecated: GET /v2 operation
 - Remove: RPM package stuff
 - Fix: replace $where operator by $expr in subscription query logic in the -noCache case (#4148)
+- Add "Authorization" in CORS allowed headers (#4249)

doc/manuals/devel/httpHeaders.md

@@ -24,6 +24,7 @@ This document describes all the headers used by Orion, as defined in **src/lib/r
 20) [Fiware-Correlator](#20-fiware-correlator)                                     
 
 21) [X-Auth-Token](#21-x-auth-token)
+22) [Authorization](#22-authorization)
 
 
 
@@ -129,7 +130,7 @@ It is an optional header used in outgoing HTTP responses sent by Orion. Its oper
 It is used in outgoing HTTP responses sent by Orion.
 Its operation is related with CORS, see specific documentation [about CORS in the user manual](https://github.com/telefonicaid/fiware-orion/blob/master/doc/manuals/user/cors.md#access-control-allow-headers).
 
-    Access-Control-Allow-Headers: Content-Type, Fiware-Service, Fiware-Servicepath, Ngsiv2-AttrsFormat, Fiware-Correlator, X-Forwarded-For, X-Real-IP, X-Auth-Token	
+    Access-Control-Allow-Headers: Authorization, Content-Type, Fiware-Service, Fiware-Servicepath, Ngsiv2-AttrsFormat, Fiware-Correlator, X-Forwarded-For, X-Real-IP, X-Auth-Token	
 
 [Top](#top)		
 
@@ -257,4 +258,11 @@ X-Auth-Token is an optional HTTP header, which Orion received in requests and pr
 
     "X-Auth-Token": "fff0f4af447f4b589c835f805fe4be29"
 
+
+## 22. Authorization
+
+Authorization is an optional HTTP header, which Orion received in requests and propagates transparently to other requests (notifications and forwarded queries/updated) associated with the original one. It is supposed to be used by security enforcement proxies integrated with Orion [such as PEP Steelskin](https://github.com/telefonicaid/fiware-pep-steelskin).
+
+    "Authorization": "Bearer fff0f4af447f4b589c835f805fe4be29"
+
 [Top](#top)

doc/manuals/user/cors.md

@@ -62,7 +62,7 @@ and these are defined in [lib/rest/HttpHeaders.h](https://github.com/telefonicai
 Orion's response to a valid `OPTIONS` request would include the header and value
 below:
 
-    Access-Control-Allow-Headers: Content-Type, Fiware-Service, Fiware-Servicepath, Ngsiv2-AttrsFormat, Fiware-Correlator, X-Forwarded-For, X-Real-IP, X-Auth-Token
+    Access-Control-Allow-Headers: Authorization, Content-Type, Fiware-Service, Fiware-Servicepath, Ngsiv2-AttrsFormat, Fiware-Correlator, X-Forwarded-For, X-Real-IP, X-Auth-Token
 
 ## Access-Control-Max-Age
 

src/lib/rest/HttpHeaders.h

@@ -58,14 +58,15 @@
 #define HTTP_X_AUTH_TOKEN                  "X-Auth-Token"
 #define HTTP_X_REAL_IP                     "X-Real-IP"
 #define HTTP_X_FORWARDED_FOR               "X-Forwarded-For"
+#define HTTP_AUTHORIZATION                 "Authorization"
 
 
 
 /* ****************************************************************************
 *
 * CORS Allowed Headers -
 */
-#define CORS_ALLOWED_HEADERS HTTP_CONTENT_TYPE ", " HTTP_FIWARE_SERVICE ", " HTTP_FIWARE_SERVICEPATH ", " HTTP_NGSIV2_ATTRSFORMAT ", " HTTP_FIWARE_CORRELATOR ", " HTTP_X_FORWARDED_FOR ", " HTTP_X_REAL_IP ", " HTTP_X_AUTH_TOKEN
+#define CORS_ALLOWED_HEADERS HTTP_CONTENT_TYPE ", " HTTP_FIWARE_SERVICE ", " HTTP_FIWARE_SERVICEPATH ", " HTTP_NGSIV2_ATTRSFORMAT ", " HTTP_FIWARE_CORRELATOR ", " HTTP_X_FORWARDED_FOR ", " HTTP_X_REAL_IP ", " HTTP_X_AUTH_TOKEN ", " HTTP_AUTHORIZATION
 
 
 

test/functionalTest/cases/0501_cors/allowed_headers.test

@@ -45,7 +45,7 @@ echo
 HTTP/1.1 200 OK
 Content-Length: 0
 Access-Control-Max-Age: REGEX([0-9]+)
-Access-Control-Allow-Headers: Content-Type, Fiware-Service, Fiware-Servicepath, Ngsiv2-AttrsFormat, Fiware-Correlator, X-Forwarded-For, X-Real-IP, X-Auth-Token
+Access-Control-Allow-Headers: Content-Type, Fiware-Service, Fiware-Servicepath, Ngsiv2-AttrsFormat, Fiware-Correlator, X-Forwarded-For, X-Real-IP, X-Auth-Token, Authorization
 Access-Control-Expose-Headers: REGEX(.*)
 Access-Control-Allow-Origin: *
 Access-Control-Allow-Methods: REGEX(.*)