From 595cf6c3750d7d77e062d34f02427d0a7e770a59 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin <kyle.spearrin@gmail.com>
Date: Thu, 14 Sep 2017 10:12:13 -0400
Subject: [PATCH] use Content-Language header for auth bearer

---
 src/app/config.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/app/config.js b/src/app/config.js
index 8113788cad7..c8f1e4d0b41 100644
--- a/src/app/config.js
+++ b/src/app/config.js
@@ -12,7 +12,8 @@ angular
         $qProvider.errorOnUnhandledRejections(false);
         $locationProvider.hashPrefix('');
         jwtOptionsProvider.config({
-            urlParam: 'access_token',
+            // Using Content-Language header since it is unused and is a CORS-safelisted header. This avoids pre-flights.
+            authHeader: 'Content-Language',
             whiteListedDomains: appSettings.whitelistDomains
         });
         var refreshPromise;