From c91067adc08411eb0c2229766699dab46a0b460f Mon Sep 17 00:00:00 2001
From: Flavius Raducu <raducuflavius@gmail.com>
Date: Wed, 1 Oct 2025 18:16:13 +0100
Subject: [PATCH] add 'Authorization' header to the
 test_cors/test_tutorial001.py

---
 docs_src/cors/tutorial001.py                      | 2 +-
 tests/test_tutorial/test_cors/test_tutorial001.py | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/docs_src/cors/tutorial001.py b/docs_src/cors/tutorial001.py
index c73026e0e..5884fba99 100644
--- a/docs_src/cors/tutorial001.py
+++ b/docs_src/cors/tutorial001.py
@@ -15,7 +15,7 @@ app.add_middleware(
     allow_origins=origins,
     allow_credentials=True,
     allow_methods=["GET"],
-    allow_headers=["X-Example"],
+    allow_headers=["Authorization", "X-Example"],
 )
 
 
diff --git a/tests/test_tutorial/test_cors/test_tutorial001.py b/tests/test_tutorial/test_cors/test_tutorial001.py
index b0b9dae53..33e1e6503 100644
--- a/tests/test_tutorial/test_cors/test_tutorial001.py
+++ b/tests/test_tutorial/test_cors/test_tutorial001.py
@@ -18,10 +18,11 @@ def test_cors():
         response.headers["access-control-allow-origin"]
         == "https://localhost.tiangolo.com"
     )
-    expected_headers = (
-        "Accept, Accept-Language, Content-Language, Content-Type, X-Example"
+    assert response.headers["access-control-allow-headers"] == (
+        "Accept, Accept-Language, "
+        "Authorization, Content-Language, "
+        "Content-Type, X-Example"
     )
-    assert response.headers["access-control-allow-headers"] == expected_headers
 
     # Test standard response
     headers = {"Origin": "https://localhost.tiangolo.com"}