From c867e3755953a01b0d176f7cb575d91d2228338b Mon Sep 17 00:00:00 2001
From: Drew Gross <drew.a.gross@gmail.com>
Date: Wed, 24 Feb 2016 17:26:50 -0800
Subject: [PATCH] Allow master key headers

---
 src/middlewares.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/middlewares.js b/src/middlewares.js
index 319d90c6..6efaabd9 100644
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -138,7 +138,7 @@ function handleParseHeaders(req, res, next) {
 var allowCrossDomain = function(req, res, next) {
   res.header('Access-Control-Allow-Origin', '*');
   res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
-  res.header('Access-Control-Allow-Headers', 'X-Parse-REST-API-Key, X-Parse-Javascript-Key, X-Parse-Application-Id, X-Parse-Client-Version, X-Parse-Session-Token, X-Requested-With, X-Parse-Revocable-Session, Content-Type');
+  res.header('Access-Control-Allow-Headers', 'X-Parse-Master-Key, X-Parse-REST-API-Key, X-Parse-Javascript-Key, X-Parse-Application-Id, X-Parse-Client-Version, X-Parse-Session-Token, X-Requested-With, X-Parse-Revocable-Session, Content-Type');
 
   // intercept OPTIONS method
   if ('OPTIONS' == req.method) {