Apply admin authentication need for messages/reservations controllers

app/controllers/messages_controller.rb

@@ -1,4 +1,5 @@
 class MessagesController < ApplicationController
+  before_action :authenticate_admin!, only: %i[ index show update destroy ]
   before_action :set_message, only: %i[ show update destroy ]
 
   # GET /messages

app/controllers/reservations_controller.rb

@@ -1,4 +1,5 @@
 class ReservationsController < ApplicationController
+  before_action :authenticate_admin!, only: %i[ index show update destroy ]
   before_action :set_reservation, only: %i[ show update destroy ]
 
   # GET /reservations

config/initializers/cors.rb

@@ -11,7 +11,7 @@
 
     resource "*",
       headers: :any,
-      expose: [ "Access-Token", "Uid", "Client" ],
+      expose: [ "authorization" ],
       methods: [ :get, :post, :put, :patch, :delete, :options, :head ]
   end
 end

config/initializers/devise_token_auth.rb

@@ -5,7 +5,7 @@
   # client is responsible for keeping track of the changing tokens. Change
   # this to false to prevent the Authorization header from changing after
   # each request.
-  # config.change_headers_on_each_request = true
+  config.change_headers_on_each_request = false
 
   # By default, users will need to re-authenticate after 2 weeks. This setting
   # determines how long tokens will remain valid after they are issued.