Merge pull request #3886 from rwmajor2/add_access_control_hdr_config

Allow access control headers to be overriden in jupyter_notebook_conf…

Author: minrk

notebook/base/handlers.py

@@ -607,8 +607,11 @@ def finish(self, *args, **kwargs):
         return super(APIHandler, self).finish(*args, **kwargs)
 
     def options(self, *args, **kwargs):
-        self.set_header('Access-Control-Allow-Headers',
-                        'accept, content-type, authorization, x-xsrftoken')
+        if 'Access-Control-Allow-Headers' in self.settings.get('headers', {}):
+            self.set_header('Access-Control-Allow-Headers', self.settings['headers']['Access-Control-Allow-Headers'])
+        else:
+            self.set_header('Access-Control-Allow-Headers',
+                            'accept, content-type, authorization, x-xsrftoken')
         self.set_header('Access-Control-Allow-Methods',
                         'GET, PUT, POST, PATCH, DELETE, OPTIONS')