[ARVADOS] created: 1.2.0-32-g1a373b5f2

Git user git at public.curoverse.com
Mon Aug 20 09:44:12 EDT 2018


        at  1a373b5f2c37cead0fe41482805fdb93ca871e37 (commit)


commit 1a373b5f2c37cead0fe41482805fdb93ca871e37
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date:   Mon Aug 20 09:42:59 2018 -0400

    14020: Allow WebDAV headers in CORS requests.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>

diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index bb77e5859..912398fa6 100644
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -135,6 +135,11 @@ func (uos *updateOnSuccess) WriteHeader(code int) {
 }
 
 var (
+	corsAllowHeadersHeader = strings.Join([]string{
+		"Authorization", "Content-Type", "Range",
+		// WebDAV request headers:
+		"Depth", "Destination", "If", "Lock-Token", "Overwrite", "Timeout",
+	}, ", ")
 	writeMethod = map[string]bool{
 		"COPY":   true,
 		"DELETE": true,
@@ -206,7 +211,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 			statusCode = http.StatusMethodNotAllowed
 			return
 		}
-		w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type, Range")
+		w.Header().Set("Access-Control-Allow-Headers", corsAllowHeadersHeader)
 		w.Header().Set("Access-Control-Allow-Methods", "COPY, DELETE, GET, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PUT, RMCOL")
 		w.Header().Set("Access-Control-Allow-Origin", "*")
 		w.Header().Set("Access-Control-Max-Age", "86400")
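Review bot: The header list sent here now includes `Lock-Token` and `Timeout`, but the `Access-Control-Allow-Methods` value on the next line offers neither LOCK nor UNLOCK, which are the only WebDAV methods whose requests use those two headers. If the handler does not implement locking (the hunk does not show this), drop them so the list reads `"Depth", "Destination", "If", "Overwrite",`. If locking is supported, add `LOCK, UNLOCK` to the methods string instead. Because this response also carries `Access-Control-Allow-Origin: *`, limiting the list to headers an allowed method can use keeps the cross-origin surface no wider than needed. The expected string in `TestCORSPreflight` would need the same change, and `ServeHTTP` continues outside this hunk.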
diff --git a/services/keep-web/handler_test.go b/services/keep-web/handler_test.go
index 68ed06216..bced67ed2 100644
--- a/services/keep-web/handler_test.go
+++ b/services/keep-web/handler_test.go
@@ -48,7 +48,7 @@ func (s *UnitSuite) TestCORSPreflight(c *check.C) {
 	c.Check(resp.Body.String(), check.Equals, "")
 	c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*")
 	c.Check(resp.Header().Get("Access-Control-Allow-Methods"), check.Equals, "COPY, DELETE, GET, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PUT, RMCOL")
-	c.Check(resp.Header().Get("Access-Control-Allow-Headers"), check.Equals, "Authorization, Content-Type, Range")
+	c.Check(resp.Header().Get("Access-Control-Allow-Headers"), check.Equals, "Authorization, Content-Type, Range, Depth, Destination, If, Lock-Token, Overwrite, Timeout")
 
 	// Check preflight for a disallowed request
 	resp = httptest.NewRecorder()

-----------------------------------------------------------------------


hooks/post-receive
-- 



