projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
14360: Initial version of dispatch-cloud.
[arvados.git] / services / keep-web / handler.go
diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index bb77e5859449f5e7e4783d76d02120c359d51085..95948e32505f40112cff4da72c88692d7ea6edff 100644 (file)
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -135,6 +135,11 @@ func (uos *updateOnSuccess) WriteHeader(code int) {
 }
 
 var (
+       corsAllowHeadersHeader = strings.Join([]string{
+               "Authorization", "Content-Type", "Range",
+               // WebDAV request headers:
+               "Depth", "Destination", "If", "Lock-Token", "Overwrite", "Timeout",
+       }, ", ")
        writeMethod = map[string]bool{
                "COPY":   true,
                "DELETE": true,
@@ -206,7 +211,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
                        statusCode = http.StatusMethodNotAllowed
                        return
                }
-               w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type, Range")
+               w.Header().Set("Access-Control-Allow-Headers", corsAllowHeadersHeader)
                w.Header().Set("Access-Control-Allow-Methods", "COPY, DELETE, GET, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PUT, RMCOL")
                w.Header().Set("Access-Control-Allow-Origin", "*")
                w.Header().Set("Access-Control-Max-Age", "86400")
@@ -315,7 +320,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 
        if useSiteFS {
                if tokens == nil {
-                       tokens = auth.NewCredentialsFromHTTPRequest(r).Tokens
+                       tokens = auth.CredentialsFromRequest(r).Tokens
                }
                h.serveSiteFS(w, r, tokens, credentialsOK, attachment)
                return
@@ -337,7 +342,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 
        if tokens == nil {
                if credentialsOK {
-                       reqTokens = auth.NewCredentialsFromHTTPRequest(r).Tokens
+                       reqTokens = auth.CredentialsFromRequest(r).Tokens
                }
                tokens = append(reqTokens, h.Config.AnonymousTokens...)
        }