diff --git a/conf/nginx.conf b/conf/nginx.conf
index 494de9f..b5eb4be 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -56,7 +56,7 @@ http {
         access_by_lua_block {
             ngx.header["Access-Control-Allow-Origin"] = "*";
             ngx.header["Access-Control-Allow-Methods"] = "GET, POST, DELETE, PUT";
-            ngx.header["Access-Control-Allow-Headers"] = "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
+            ngx.header["Access-Control-Allow-Headers"] = "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
             ngx.header["Access-Control-Max-Age"] = 1728000;
             ngx.header["Access-Control-Expose-Headers"] = "Content-Length,Content-Range";
             if ngx.var.request_method == "OPTIONS" then