diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 713a960561..2ca6d0a8d3 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -12,6 +12,7 @@ Changelog
  * Notification emails now include an "Auto-Submitted: auto-generated" header (Dan Braghis)
  * Image chooser panels now show alt text as title (Samir Shah)
  * Added `download_url` field to images in the API (Michael Harrison)
+ * Dummy requests for preview now preserve the HTTP Authorization header (Ben Dickinson)
  * Fix: Respect next param on login (Loic Teixeira)
  * Fix: InlinePanel now handles relations that specify a related_query_name (Aram Dulyan)
  * Fix: before_delete_page / after_delete_page hooks now run within the same database transaction as the page deletion (Tomasz Knapik)
diff --git a/CONTRIBUTORS.rst b/CONTRIBUTORS.rst
index 10bb836302..e00c0f9daa 100644
--- a/CONTRIBUTORS.rst
+++ b/CONTRIBUTORS.rst
@@ -316,6 +316,7 @@ Contributors
 * Matthew Schinckel
 * Michael Borisov
 * Dan Braghis
+* Ben Dickinson
 
 Translators
 ===========
diff --git a/docs/releases/2.3.rst b/docs/releases/2.3.rst
index d572cacc7a..08439ca842 100644
--- a/docs/releases/2.3.rst
+++ b/docs/releases/2.3.rst
@@ -29,6 +29,7 @@ Other features
  * Notification emails now include an "Auto-Submitted: auto-generated" header (Dan Braghis)
  * Image chooser panels now show alt text as title (Samir Shah)
  * Added ``download_url`` field to images in the API (Michael Harrison)
+ * Dummy requests for preview now preserve the HTTP Authorization header (Ben Dickinson)
 
 
 Bug fixes
diff --git a/wagtail/core/models.py b/wagtail/core/models.py
index 5b1e4cc918..ffa50203b9 100644
--- a/wagtail/core/models.py
+++ b/wagtail/core/models.py
@@ -1242,7 +1242,7 @@ class Page(AbstractPage, index.Indexed, ClusterableModel, metaclass=PageBase):
 
         # Add important values from the original request object, if it was provided.
         HEADERS_FROM_ORIGINAL_REQUEST = [
-            'REMOTE_ADDR', 'HTTP_X_FORWARDED_FOR', 'HTTP_COOKIE', 'HTTP_USER_AGENT',
+            'REMOTE_ADDR', 'HTTP_X_FORWARDED_FOR', 'HTTP_COOKIE', 'HTTP_USER_AGENT', 'HTTP_AUTHORIZATION',
             'wsgi.version', 'wsgi.multithread', 'wsgi.multiprocess', 'wsgi.run_once',
         ]
         if settings.SECURE_PROXY_SSL_HEADER:
diff --git a/wagtail/core/tests/test_page_model.py b/wagtail/core/tests/test_page_model.py
index 69e881ba73..71add730e2 100644
--- a/wagtail/core/tests/test_page_model.py
+++ b/wagtail/core/tests/test_page_model.py
@@ -1371,6 +1371,7 @@ class TestDummyRequest(TestCase):
             'HTTP_X_FORWARDED_FOR': '192.168.0.2,192.168.0.3',
             'HTTP_COOKIE': "test=1;blah=2",
             'HTTP_USER_AGENT': "Test Agent",
+            'HTTP_AUTHORIZATION': "Basic V2FndGFpbDpXYWd0YWlsCg==",
         }
         factory = RequestFactory(**original_headers)
         original_request = factory.get('/home/events/')
@@ -1381,6 +1382,7 @@ class TestDummyRequest(TestCase):
         self.assertEqual(request.META['HTTP_X_FORWARDED_FOR'], original_request.META['HTTP_X_FORWARDED_FOR'])
         self.assertEqual(request.META['HTTP_COOKIE'], original_request.META['HTTP_COOKIE'])
         self.assertEqual(request.META['HTTP_USER_AGENT'], original_request.META['HTTP_USER_AGENT'])
+        self.assertEqual(request.META['HTTP_AUTHORIZATION'], original_request.META['HTTP_AUTHORIZATION'])
 
         # check other env vars required by the WSGI spec
         self.assertEqual(request.META['REQUEST_METHOD'], 'GET')