14020: Allow WebDAV headers in CORS requests.
authorTom Clegg <tclegg@veritasgenetics.com>
Mon, 20 Aug 2018 13:42:59 +0000 (09:42 -0400)
committerTom Clegg <tclegg@veritasgenetics.com>
Mon, 20 Aug 2018 13:42:59 +0000 (09:42 -0400)
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg@veritasgenetics.com>

services/keep-web/handler.go
services/keep-web/handler_test.go

index bb77e5859449f5e7e4783d76d02120c359d51085..912398fa64db5d8b18605178f14a77884e234f1d 100644 (file)
@@ -135,6 +135,11 @@ func (uos *updateOnSuccess) WriteHeader(code int) {
 }
 
 var (
+       corsAllowHeadersHeader = strings.Join([]string{
+               "Authorization", "Content-Type", "Range",
+               // WebDAV request headers:
+               "Depth", "Destination", "If", "Lock-Token", "Overwrite", "Timeout",
+       }, ", ")
        writeMethod = map[string]bool{
                "COPY":   true,
                "DELETE": true,
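Review bot: `corsAllowHeadersHeader` has no doc comment even though it is a security-relevant allowlist. The second hunk sends it as the preflight `Access-Control-Allow-Headers` value, so each name in it is a request header that cross-origin scripts are permitted to send. I would add above the declaration `// corsAllowHeadersHeader is the Access-Control-Allow-Headers value sent in CORS preflight responses; every name added here becomes sendable by cross-origin scripts.` The enclosing `var (` block continues past the end of the hunk.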
@@ -206,7 +211,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
                        statusCode = http.StatusMethodNotAllowed
                        return
                }
-               w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type, Range")
+               w.Header().Set("Access-Control-Allow-Headers", corsAllowHeadersHeader)
                w.Header().Set("Access-Control-Allow-Methods", "COPY, DELETE, GET, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PUT, RMCOL")
                w.Header().Set("Access-Control-Allow-Origin", "*")
                w.Header().Set("Access-Control-Max-Age", "86400")
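Review bot: The `Access-Control-Allow-Origin: *` line relies on an invariant that is not written down, and it matters more now that `Destination`, `Overwrite` and `Lock-Token` are allowed alongside `Authorization`. Any origin passes this preflight, so protection against cross-site writes presumably rests on requests carrying no ambient credentials, only a token the calling script sets itself; that cannot be confirmed from this hunk. I would add above that line `// Wildcard origin is acceptable only while auth is an explicitly supplied token; do not add Access-Control-Allow-Credentials here.` As a style point, the `Access-Control-Allow-Methods` literal could become a package-level value like the headers list, so the two allowlists are reviewed in one place. `ServeHTTP` begins and ends outside the hunk.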
index 68ed062160401e59bb79479c71fbfde21a2495e1..bced67ed208012dfafa69fdd7a3e6dd2395b641a 100644 (file)
@@ -48,7 +48,7 @@ func (s *UnitSuite) TestCORSPreflight(c *check.C) {
        c.Check(resp.Body.String(), check.Equals, "")
        c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*")
        c.Check(resp.Header().Get("Access-Control-Allow-Methods"), check.Equals, "COPY, DELETE, GET, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PUT, RMCOL")
-       c.Check(resp.Header().Get("Access-Control-Allow-Headers"), check.Equals, "Authorization, Content-Type, Range")
+       c.Check(resp.Header().Get("Access-Control-Allow-Headers"), check.Equals, "Authorization, Content-Type, Range, Depth, Destination, If, Lock-Token, Overwrite, Timeout")
 
        // Check preflight for a disallowed request
        resp = httptest.NewRecorder()