From 64f573b942a954a75f76ccb0ceca96fd54eec4b4 Mon Sep 17 00:00:00 2001
From: Guilherme Afonso Oliveira <guilherme.oliveira@azion.com>
Date: Mon, 7 Oct 2024 14:33:32 -0300
Subject: [PATCH] [EDU-5477] feat: add missing CORS header (#1299)

* feat: add missing header

* feat: add missing header in ptbr guide

* fix: header on rtm
---
 .../edge-application/ea-cors/check-cors-permissions.mdx   | 8 ++++----
 .../edge-application/ea-cors/check-cors-permissions.mdx   | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/content/docs/en/pages/guides/edge-application/ea-cors/check-cors-permissions.mdx b/src/content/docs/en/pages/guides/edge-application/ea-cors/check-cors-permissions.mdx
index a78f11e584..ff4e688d95 100644
--- a/src/content/docs/en/pages/guides/edge-application/ea-cors/check-cors-permissions.mdx
+++ b/src/content/docs/en/pages/guides/edge-application/ea-cors/check-cors-permissions.mdx
@@ -95,7 +95,7 @@ In the following example, CORS is being allowed through the `OPTIONS` method. To
 | **Description** | Allows CORS for OPTIONS requests in /your-uri, as well as non-complex requests |
 | **Phase** | Response Phase |
 | **Criteria** | `${uri}` *starts with* `/your-uri` |
-| **Behavior** | **Add Response Header** `Access-Control-Allow-Origin: *`<br />**Add Response Header** `Access-Control-Request-Method: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Content-Type: application/json`<br />**Add Response Header** `Allow: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD` |
+| **Behavior** | **Add Response Header** `Access-Control-Allow-Origin: *`<br />**Add Response Header** `Access-Control-Allow-Headers: Content-Type, Authorization`<br />**Add Response Header** `Access-Control-Request-Method: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Content-Type: application/json`<br />**Add Response Header** `Allow: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD` |
 
 :::tip
 You may configure other complex request types as you want by adding them to the values of the `Allow`, `Access-Control-Allow-Methods`, and `Access-Control-Allow-Origin` headers. You can also customize the format of the response in the `Content-Type` header to fit your needs.
@@ -116,7 +116,7 @@ You may configure other complex request types as you want by adding them to the
 | **Name** | OPTIONS CORS |
 | **Description** | Allows CORS for OPTIONS requests in /your-uri, as well as non-complex requests |
 | **Criteria** | `${uri}` *starts with* `/your-uri` |
-| **Behavior** | **Add Response Header** `Access-Control-Allow-Origin: *`<br />**Add Response Header** `Access-Control-Request-Method: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Content-Type: application/json`<br />**Add Response Header** `Allow: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD` |
+| **Behavior** | **Add Response Header** `Access-Control-Allow-Origin: *`<br />**Add Response Header** `Access-Control-Allow-Headers: Content-Type, Authorization`<br />**Add Response Header** `Access-Control-Request-Method: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Content-Type: application/json`<br />**Add Response Header** `Allow: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD` |
 
 :::tip
 You may configure other complex request types as you want by adding them to the values of the `Allow`, `Access-Control-Allow-Methods`, and `Access-Control-Allow-Origin` headers. You can also customize the format of the response in the `Content-Type` header to fit your needs.
@@ -171,7 +171,7 @@ Now you need to create a rule that processes requests from multiple origins:
 | **Name** | Multiple origins CORS |
 | **Phase** | Response Phase |
 | **Criteria** | `${http_origin}` *is equal* `http://your.domain1.com`<br />**OR** `${http_origin}` *is equal* `http://your.domain2.com`<br />**OR** `${http_origin}` *is equal* `http://your.domain3.com` |
-| **Behavior** | **Add Response Header** `Access-Control-Allow-Origin: *`<br />**Add Response Header** `Access-Control-Request-Method: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Content-Type: application/json`<br />**Add Response Header** `Allow: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD` |
+| **Behavior** | **Add Response Header** `Access-Control-Allow-Origin: *`<br />**Add Response Header** `Access-Control-Allow-Headers: Content-Type, Authorization`<br />**Add Response Header** `Access-Control-Request-Method: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Content-Type: application/json`<br />**Add Response Header** `Allow: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD` |
 
 4. Click the **Save** button.
 </Fragment>
@@ -185,7 +185,7 @@ Now you need to create a rule that processes requests from multiple origins:
 |-----------|------|
 | **Name** | Multiple origins CORS |
 | **Criteria** | `${http_origin}` *is equal* `http://your.domain1.com`<br />**OR** `${http_origin}` *is equal* `http://your.domain2.com`<br />**OR** `${http_origin}` *is equal* `http://your.domain3.com` |
-| **Behavior** | **Add Response Header** `Access-Control-Allow-Origin: *`<br />**Add Response Header** `Access-Control-Request-Method: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Content-Type: application/json`<br />**Add Response Header** `Allow: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD` |
+| **Behavior** | **Add Response Header** `Access-Control-Allow-Origin: *`<br />**Add Response Header** `Access-Control-Allow-Headers: Content-Type, Authorization`<br />**Add Response Header** `Access-Control-Request-Method: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Content-Type: application/json`<br />**Add Response Header** `Allow: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD` |
 
 4. Click the **Save** button.
 </Fragment>
diff --git a/src/content/docs/pt-br/pages/guias/edge-application/ea-cors/check-cors-permissions.mdx b/src/content/docs/pt-br/pages/guias/edge-application/ea-cors/check-cors-permissions.mdx
index 75eb928a28..8fa8061109 100644
--- a/src/content/docs/pt-br/pages/guias/edge-application/ea-cors/check-cors-permissions.mdx
+++ b/src/content/docs/pt-br/pages/guias/edge-application/ea-cors/check-cors-permissions.mdx
@@ -96,7 +96,7 @@ No exemplo a seguir, o CORS está sendo permitido por meio do método `OPTIONS`.
 | **Description** | Permite CORS para OPTIONS em /sua-uri e outras requisições não complexas | 
 | **Phase** | Response Phase |
 | **Criteria** | `${uri}` *starts with* `/your-uri` |
-| **Behavior** | **Add Response Header** `Access-Control-Allow-Origin: *`<br />**Add Response Header** `Access-Control-Request-Method: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Content-Type: application/json`<br />**Add Response Header** `Allow: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD` |
+| **Behavior** | **Add Response Header** `Access-Control-Allow-Origin: *`<br />**Add Response Header** `Access-Control-Allow-Headers: Content-Type, Authorization`<br />**Add Response Header** `Access-Control-Request-Method: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Content-Type: application/json`<br />**Add Response Header** `Allow: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD` |
 
 :::tip
 Você pode configurar outros tipos de requisições complexas conforme desejar, adicionando-os aos valores dos cabeçalhos `Allow`, `Access-Control-Allow-Methods` e `Access-Control-Allow-Origin`. Você também pode personalizar o formato da resposta no cabeçalho `Content-Type` para atender às suas necessidades.
@@ -117,7 +117,7 @@ Você pode configurar outros tipos de requisições complexas conforme desejar,
 | **Name** | OPTIONS CORS |
 | **Description** | Permite CORS para OPTIONS em /sua-uri e outras requisições não complexas
 | **Criteria** | `${uri}` *starts with* `/your-uri` |
-| **Behavior** | **Add Response Header** `Access-Control-Allow-Origin: *`<br />**Add Response Header** `Access-Control-Request-Method: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Content-Type: application/json`<br />**Add Response Header** `Allow: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD` |
+| **Behavior** | **Add Response Header** `Access-Control-Allow-Origin: *`<br />**Add Response Header** `Access-Control-Allow-Headers: Content-Type, Authorization`<br />**Add Response Header** `Access-Control-Request-Method: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Content-Type: application/json`<br />**Add Response Header** `Allow: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD` |
 
 :::tip
 Você pode configurar outros tipos de requisições complexas conforme desejar, adicionando-os aos valores dos cabeçalhos `Allow`, `Access-Control-Allow-Methods` e `Access-Control-Allow-Origin`. Você também pode personalizar o formato da resposta no cabeçalho `Content-Type` para atender às suas necessidades.
@@ -172,7 +172,7 @@ Agora você precisa criar uma regra que processe requisições de várias origen
 | **Name** | CORS para múltiplas origens |
 | **Phase** | Response Phase |
 | **Criteria** | `${http_origin}` *is equal* `http://seu.domain1.com`<br />**OR** `${http_origin}` *is equal* `http://seu.domain2.com`<br />**OR** `${http_origin}` *is equal* `http://seu.domain3.com` |
-| **Behavior** | **Add Response Header** `Access-Control-Allow-Origin: *`<br />**Add Response Header** `Access-Control-Request-Method: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Content-Type: application/json`<br />**Add Response Header** `Allow: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD` |
+| **Behavior** | **Add Response Header** `Access-Control-Allow-Origin: *`<br />**Add Response Header** `Access-Control-Allow-Headers: Content-Type, Authorization`<br />**Add Response Header** `Access-Control-Request-Method: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Content-Type: application/json`<br />**Add Response Header** `Allow: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD` |
 
 4. Clique no botão **Save**.
 </Fragment>
@@ -186,7 +186,7 @@ Agora você precisa criar uma regra que processe requisições de várias origen
 |-----------|------|
 | **Name** | CORS para múltiplas origens |
 | **Criteria** | `${http_origin}` *is equal* `http://seu.domain1.com`<br />**OR** `${http_origin}` *is equal* `http://seu.domain2.com`<br />**OR** `${http_origin}` *is equal* `http://seu.domain3.com` |
-| **Behavior** | **Add Response Header** `Access-Control-Allow-Origin: *`<br />**Add Response Header** `Access-Control-Request-Method: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Content-Type: application/json`<br />**Add Response Header** `Allow: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD` |
+| **Behavior** | **Add Response Header** `Access-Control-Allow-Origin: *`<br />**Add Response Header** `Access-Control-Allow-Headers: Content-Type, Authorization`<br />**Add Response Header** `Access-Control-Request-Method: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Content-Type: application/json`<br />**Add Response Header** `Allow: POST, GET, OPTIONS, HEAD`<br />**Add Response Header** `Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD` |
 
 4. Clique no botão **Save**.
 </Fragment>