[ARVADOS] created: 1.1.0-35-g1ff58b4
Git user
git at public.curoverse.com
Thu Oct 26 10:09:46 EDT 2017
at 1ff58b4325d1d0dcfc091742c64f1f87118b55ce (commit)
commit 1ff58b4325d1d0dcfc091742c64f1f87118b55ce
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Thu Oct 26 10:08:57 2017 -0400
12494: Add CORS header support to arv-git-httpd
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
diff --git a/services/arv-git-httpd/auth_handler.go b/services/arv-git-httpd/auth_handler.go
index 0f9c7a5..b7373b5 100644
--- a/services/arv-git-httpd/auth_handler.go
+++ b/services/arv-git-httpd/auth_handler.go
@@ -43,6 +43,29 @@ func (h *authHandler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
w := httpserver.WrapResponseWriter(wOrig)
+ if r.Method == "OPTIONS" {
+ method := r.Header.Get("Access-Control-Request-Method")
+ if method != "GET" && method != "POST" {
+ w.WriteHeader(http.StatusMethodNotAllowed)
+ return
+ }
+ w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
+ w.Header().Set("Access-Control-Allow-Methods", "GET, POST")
+ w.Header().Set("Access-Control-Allow-Origin", "*")
+ w.Header().Set("Access-Control-Max-Age", "86400")
+ w.WriteHeader(http.StatusOK)
+ return
+ }
+
+ if r.Header.Get("Origin") != "" {
+ // Allow simple cross-origin requests without user
+ // credentials ("user credentials" as defined by CORS,
+ // i.e., cookies, HTTP authentication, and client-side
+ // SSL certificates. See
+ // http://www.w3.org/TR/cors/#user-credentials).
+ w.Header().Set("Access-Control-Allow-Origin", "*")
+ }
+
defer func() {
if w.WroteStatus() == 0 {
// Nobody has called WriteHeader yet: that
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list