+ http.StatusSeeOther,
+ "",
+ )
+ u, err = url.Parse(resp.Header().Get("Location"))
+ c.Assert(err, check.IsNil)
+ c.Logf("redirected to %s", u)
+ c.Check(u.Host, check.Equals, s.handler.Cluster.Services.Workbench2.ExternalURL.Host)
+ c.Check(u.Query().Get("redirectToPreview"), check.Equals, "")
+ c.Check(u.Query().Get("redirectToDownload"), check.Equals, "/c="+arvadostest.FooCollection+"/foo")
+
+ // Without "Sec-Fetch-Mode: navigate" header, just 401.
+ s.testVhostRedirectTokenToCookie(c, "GET",
+ s.handler.Cluster.Services.WebDAVDownload.ExternalURL.Host+"/c="+arvadostest.FooCollection+"/foo",
+ "?api_token=thisisabogustoken",
+ http.Header{"Sec-Fetch-Mode": {"cors"}},
+ "",
+ http.StatusUnauthorized,
+ unauthorizedMessage+"\n",
+ )
+ s.testVhostRedirectTokenToCookie(c, "GET",
+ s.handler.Cluster.Services.WebDAVDownload.ExternalURL.Host+"/c="+arvadostest.FooCollection+"/foo",
+ "?api_token=thisisabogustoken",
+ nil,