From b847af1dbd6e9b0e7746e0919f4abedf1cf19f5f Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Mon, 3 Apr 2023 12:01:24 +0200
Subject: [PATCH] [bugfix] Add idempotency-key to allowed CORS headers (#1670)

---
 internal/middleware/cors.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/internal/middleware/cors.go b/internal/middleware/cors.go
index 1b7747c3a..22e2e81d5 100644
--- a/internal/middleware/cors.go
+++ b/internal/middleware/cors.go
@@ -54,6 +54,11 @@ func CORS() gin.HandlerFunc {
 			// needed to pass oauth bearer tokens
 			"Authorization",
 
+			// Some clients require this; see:
+			//   - https://docs.joinmastodon.org/methods/statuses/#headers
+			//   - https://github.com/superseriousbusiness/gotosocial/issues/1664
+			"Idempotency-Key",
+
 			// needed for websocket upgrade requests
 			"Upgrade",
 			"Sec-WebSocket-Extensions",