X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/d371545cd0f62b189e19b747d78ddc1d713510f9..e7c3a477fc4f75321671a6f601cc07a9180e4646:/services/keep-web/handler.go

diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index 27981c487d..3cdaf5d2b5 100644
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -182,15 +182,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 
 	w := httpserver.WrapResponseWriter(wOrig)
 
-	if method := r.Header.Get("Access-Control-Request-Method"); method != "" && r.Method == "OPTIONS" {
-		if !browserMethod[method] && !webdavMethod[method] {
-			w.WriteHeader(http.StatusMethodNotAllowed)
-			return
-		}
-		w.Header().Set("Access-Control-Allow-Headers", corsAllowHeadersHeader)
-		w.Header().Set("Access-Control-Allow-Methods", "COPY, DELETE, GET, LOCK, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, RMCOL, UNLOCK")
-		w.Header().Set("Access-Control-Allow-Origin", "*")
-		w.Header().Set("Access-Control-Max-Age", "86400")
+	if r.Method == "OPTIONS" && ServeCORSPreflight(w, r.Header) {
 		return
 	}
 
@@ -949,3 +941,19 @@ func (h *handler) determineCollection(fs arvados.CustomFileSystem, path string)
 	}
 	return nil, ""
 }
+
+func ServeCORSPreflight(w http.ResponseWriter, header http.Header) bool {
+	method := header.Get("Access-Control-Request-Method")
+	if method == "" {
+		return false
+	}
+	if !browserMethod[method] && !webdavMethod[method] {
+		w.WriteHeader(http.StatusMethodNotAllowed)
+		return true
+	}
+	w.Header().Set("Access-Control-Allow-Headers", corsAllowHeadersHeader)
+	w.Header().Set("Access-Control-Allow-Methods", "COPY, DELETE, GET, LOCK, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, RMCOL, UNLOCK")
+	w.Header().Set("Access-Control-Allow-Origin", "*")
+	w.Header().Set("Access-Control-Max-Age", "86400")
+	return true
+}