Fix authorization header in cors (#21662)

* Fix authorization headers in cors

* Use aiohttp authorization header instead of custom const

homeassistant/components/http/cors.py

@@ -1,5 +1,5 @@
 """Provide CORS support for the HTTP component."""
-from aiohttp.hdrs import ACCEPT, CONTENT_TYPE, ORIGIN
+from aiohttp.hdrs import ACCEPT, CONTENT_TYPE, ORIGIN, AUTHORIZATION
 
 from homeassistant.const import (
     HTTP_HEADER_HA_AUTH, HTTP_HEADER_X_REQUESTED_WITH)
@@ -7,7 +7,7 @@ from homeassistant.core import callback
 
 ALLOWED_CORS_HEADERS = [
     ORIGIN, ACCEPT, HTTP_HEADER_X_REQUESTED_WITH, CONTENT_TYPE,
-    HTTP_HEADER_HA_AUTH]
+    HTTP_HEADER_HA_AUTH, AUTHORIZATION]
 
 
 @callback

tests/components/http/test_cors.py

@@ -7,11 +7,14 @@ from aiohttp.hdrs import (
     ACCESS_CONTROL_ALLOW_HEADERS,
     ACCESS_CONTROL_REQUEST_HEADERS,
     ACCESS_CONTROL_REQUEST_METHOD,
+    AUTHORIZATION,
     ORIGIN
 )
 import pytest
 
-from homeassistant.const import HTTP_HEADER_HA_AUTH
+from homeassistant.const import (
+    HTTP_HEADER_HA_AUTH
+)
 from homeassistant.setup import async_setup_component
 from homeassistant.components.http.cors import setup_cors
 from homeassistant.components.http.view import HomeAssistantView
@@ -84,6 +87,15 @@ async def test_cors_requests(client):
     assert req.headers[ACCESS_CONTROL_ALLOW_ORIGIN] == \
         TRUSTED_ORIGIN
 
+    # With auth token in headers
+    req = await client.get('/', headers={
+        AUTHORIZATION: 'Bearer some-token',
+        ORIGIN: TRUSTED_ORIGIN
+    })
+    assert req.status == 200
+    assert req.headers[ACCESS_CONTROL_ALLOW_ORIGIN] == \
+        TRUSTED_ORIGIN
+
 
 async def test_cors_preflight_allowed(client):
     """Test cross origin resource sharing preflight (OPTIONS) request."""