fix(rest): allow authorization in CORS request

Signed-off-by: Jiyong Huang <huangjy@emqx.io>

internal/server/rest.go

@@ -116,7 +116,7 @@ func createRestServer(ip string, port int, needToken bool) *http.Server {
 		WriteTimeout: time.Second * 60 * 5,
 		ReadTimeout:  time.Second * 60 * 5,
 		IdleTimeout:  time.Second * 60,
-		Handler:      handlers.CORS(handlers.AllowedHeaders([]string{"Accept", "Accept-Language", "Content-Type", "Content-Language", "Origin"}))(r),
+		Handler:      handlers.CORS(handlers.AllowedHeaders([]string{"Accept", "Accept-Language", "Content-Type", "Content-Language", "Origin", "Authorization"}), handlers.AllowedMethods([]string{"POST", "GET", "PUT", "DELETE", "HEAD"}))(r),
 	}
 	server.SetKeepAlivesEnabled(false)
 	return server