X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/24b137a5b3313778e2db7f5d1e0c82daf0634a9c..8c5f2973a5c5f042d1d12aef1c470b37519fd416:/services/keep-web/handler.go

diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index db7517adc6..620ed9cfb4 100644
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -94,6 +94,20 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 		httpserver.Log(remoteAddr, statusCode, statusText, w.WroteBodyBytes(), r.Method, r.Host, r.URL.Path, r.URL.RawQuery)
 	}()
 
+	if r.Method == "OPTIONS" {
+		method := r.Header.Get("Access-Control-Request-Method")
+		if method != "GET" && method != "POST" {
+			statusCode = http.StatusMethodNotAllowed
+			return
+		}
+		w.Header().Set("Access-Control-Allow-Headers", "Range")
+		w.Header().Set("Access-Control-Allow-Methods", "GET, POST")
+		w.Header().Set("Access-Control-Allow-Origin", "*")
+		w.Header().Set("Access-Control-Max-Age", "86400")
+		statusCode = http.StatusOK
+		return
+	}
+
 	if r.Method != "GET" && r.Method != "POST" {
 		statusCode, statusText = http.StatusMethodNotAllowed, r.Method
 		return
@@ -143,17 +157,19 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 	} else if len(pathParts) >= 3 && pathParts[0] == "collections" {
 		if len(pathParts) >= 5 && pathParts[1] == "download" {
 			// /collections/download/ID/TOKEN/PATH...
-			targetID = pathParts[2]
+			targetID = parseCollectionIDFromURL(pathParts[2])
 			tokens = []string{pathParts[3]}
 			targetPath = pathParts[4:]
 			pathToken = true
 		} else {
 			// /collections/ID/PATH...
-			targetID = pathParts[1]
+			targetID = parseCollectionIDFromURL(pathParts[1])
 			tokens = h.Config.AnonymousTokens
 			targetPath = pathParts[2:]
 		}
-	} else {
+	}
+
+	if targetID == "" {
 		statusCode = http.StatusNotFound
 		return
 	}