[ARVADOS] created: 1.2.0-32-g1a373b5f2
Git user
git at public.curoverse.com
Mon Aug 20 09:44:12 EDT 2018
at 1a373b5f2c37cead0fe41482805fdb93ca871e37 (commit)
commit 1a373b5f2c37cead0fe41482805fdb93ca871e37
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date: Mon Aug 20 09:42:59 2018 -0400
14020: Allow WebDAV headers in CORS requests.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>
diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index bb77e5859..912398fa6 100644
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -135,6 +135,11 @@ func (uos *updateOnSuccess) WriteHeader(code int) {
}
var (
+ corsAllowHeadersHeader = strings.Join([]string{
+ "Authorization", "Content-Type", "Range",
+ // WebDAV request headers:
+ "Depth", "Destination", "If", "Lock-Token", "Overwrite", "Timeout",
+ }, ", ")
writeMethod = map[string]bool{
"COPY": true,
"DELETE": true,
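Review bot: `corsAllowHeadersHeader` is added at the top of the `var (` block without a comment, yet it is the complete allow-list returned on preflight responses, so each name added here widens what browser scripts may send. I would add `// corsAllowHeadersHeader is the Access-Control-Allow-Headers value returned on CORS preflight; the handler pairs it with a wildcard origin, so every name here is sendable from any site.` above it. The `var` block continues past the end of the hunk, and the import of `strings` is not visible here, so it is presumably already present.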
@@ -206,7 +211,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
statusCode = http.StatusMethodNotAllowed
return
}
- w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type, Range")
+ w.Header().Set("Access-Control-Allow-Headers", corsAllowHeadersHeader)
w.Header().Set("Access-Control-Allow-Methods", "COPY, DELETE, GET, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PUT, RMCOL")
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Max-Age", "86400")
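Review bot: The widened list set by `w.Header().Set("Access-Control-Allow-Headers", corsAllowHeadersHeader)` sits next to `Access-Control-Allow-Origin: *`, so any origin may now send `Destination`, `Overwrite` and `Lock-Token` together with `Authorization` on the write methods listed in Allow-Methods. That holds up only while the token is always supplied explicitly by the caller: browsers reject credentialed requests against a wildcard origin, so cookies are not sent, but the protection would disappear if this handler later reflected the request origin or added `Access-Control-Allow-Credentials`. I would record that next to these calls, e.g. `// Wildcard origin is deliberate: callers must present an explicit token. Do not add Allow-Credentials or echo Origin without revisiting the allowed headers.` ServeHTTP starts and ends outside the hunk, so how tokens are read from the request should be confirmed against the rest of the function.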
diff --git a/services/keep-web/handler_test.go b/services/keep-web/handler_test.go
index 68ed06216..bced67ed2 100644
--- a/services/keep-web/handler_test.go
+++ b/services/keep-web/handler_test.go
@@ -48,7 +48,7 @@ func (s *UnitSuite) TestCORSPreflight(c *check.C) {
c.Check(resp.Body.String(), check.Equals, "")
c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*")
c.Check(resp.Header().Get("Access-Control-Allow-Methods"), check.Equals, "COPY, DELETE, GET, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PUT, RMCOL")
- c.Check(resp.Header().Get("Access-Control-Allow-Headers"), check.Equals, "Authorization, Content-Type, Range")
+ c.Check(resp.Header().Get("Access-Control-Allow-Headers"), check.Equals, "Authorization, Content-Type, Range, Depth, Destination, If, Lock-Token, Overwrite, Timeout")
// Check preflight for a disallowed request
resp = httptest.NewRecorder()
-----------------------------------------------------------------------
hooks/post-receive
--