test('authorize headers', function (done) {
    supertest(adminUrl)
      .get('/')
      .set('Origin', 'foobar')
      .set('access-control-request-headers', 'foo')