From d36dd80a8a8ec959af008b35453fa5126ab1acdf Mon Sep 17 00:00:00 2001
From: Anis Elleuch <vadmeste@gmail.com>
Date: Thu, 27 Apr 2017 20:40:22 +0100
Subject: [PATCH] cors: Set Access-Control-Allow-Credentials to true (#4185)

This allow browsers to send credentials with preflighted requests.
---
 cmd/generic-handlers.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/cmd/generic-handlers.go b/cmd/generic-handlers.go
index ee2f11672..a233df2a0 100644
--- a/cmd/generic-handlers.go
+++ b/cmd/generic-handlers.go
@@ -274,10 +274,11 @@ var defaultAllowableHTTPMethods = []string{
 // setCorsHandler handler for CORS (Cross Origin Resource Sharing)
 func setCorsHandler(h http.Handler) http.Handler {
 	c := cors.New(cors.Options{
-		AllowedOrigins: []string{"*"},
-		AllowedMethods: defaultAllowableHTTPMethods,
-		AllowedHeaders: []string{"*"},
-		ExposedHeaders: []string{"ETag"},
+		AllowedOrigins:   []string{"*"},
+		AllowedMethods:   defaultAllowableHTTPMethods,
+		AllowedHeaders:   []string{"*"},
+		ExposedHeaders:   []string{"ETag"},
+		AllowCredentials: true,
 	})
 	return c.Handler(h)
 }