16212: Allow X-Http-Method-Override header in CORS requests.

[arvados.git] / lib / controller / router / router.go

diff --git a/lib/controller/router/router.go b/lib/controller/router/router.go
index c41f103dc464be41be43002b24e11a59a9968c8c..bb6d9055852a4b94347ed7c5b89b364d3823f6be 100644 (file)
--- a/lib/controller/router/router.go
+++ b/lib/controller/router/router.go
@@ -54,6 +54,13 @@ func (rtr *router) addRoutes() {
                                return rtr.fed.Login(ctx, *opts.(*arvados.LoginOptions))
                        },
                },
+               {
+                       arvados.EndpointLogout,
+                       func() interface{} { return &arvados.LogoutOptions{} },
+                       func(ctx context.Context, opts interface{}) (interface{}, error) {
+                               return rtr.fed.Logout(ctx, *opts.(*arvados.LogoutOptions))
+                       },
+               },
                {
                        arvados.EndpointCollectionCreate,
                        func() interface{} { return &arvados.CreateOptions{} },
@@ -379,7 +386,7 @@ func (rtr *router) ServeHTTP(w http.ResponseWriter, r *http.Request) {
        default:
                w.Header().Set("Access-Control-Allow-Origin", "*")
                w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, PUT, POST, PATCH, DELETE")
-               w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
+               w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type, X-Http-Method-Override")
                w.Header().Set("Access-Control-Max-Age", "86486400")
        }
        if r.Method == "OPTIONS" {