From 025dcd71831f81f43db87938a6b8626f068fad62 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Fri, 17 Apr 2020 14:13:50 +0200 Subject: [PATCH] Add more CORS headers to make TUS work --- internal/http/interceptors/cors/cors.go | 6 ++++++ .../http/services/dataprovider/handler/unrouted_handler.go | 2 +- internal/http/services/owncloud/ocdav/ocdav.go | 2 ++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/internal/http/interceptors/cors/cors.go b/internal/http/interceptors/cors/cors.go index 496ba0573b..8c7fe42bfe 100644 --- a/internal/http/interceptors/cors/cors.go +++ b/internal/http/interceptors/cors/cors.go @@ -109,6 +109,12 @@ func New(m map[string]interface{}) (global.Middleware, int, error) { } } + if len(conf.ExposedHeaders) == 0 { + conf.ExposedHeaders = []string{ + "Location", + } + } + // TODO(jfd): use log from request context, otherwise fmt will be used to log, // preventing us from pinging the log to eg jq c := cors.New(cors.Options{ diff --git a/internal/http/services/dataprovider/handler/unrouted_handler.go b/internal/http/services/dataprovider/handler/unrouted_handler.go index 82b1831928..97a18a17c8 100644 --- a/internal/http/services/dataprovider/handler/unrouted_handler.go +++ b/internal/http/services/dataprovider/handler/unrouted_handler.go @@ -247,7 +247,7 @@ func (handler *UnroutedHandler) Middleware(h http.Handler) http.Handler { if r.Method == "OPTIONS" { // Preflight request header.Add("Access-Control-Allow-Methods", "POST, GET, HEAD, PATCH, DELETE, OPTIONS") - header.Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Upload-Length, Upload-Offset, Tus-Resumable, Upload-Metadata, Upload-Defer-Length, Upload-Concat") + header.Add("Access-Control-Allow-Headers", "Authorization, Origin, X-Requested-With, Content-Type, Upload-Length, Upload-Offset, Tus-Resumable, Upload-Metadata, Upload-Defer-Length, Upload-Concat") header.Set("Access-Control-Max-Age", "86400") } else { diff --git a/internal/http/services/owncloud/ocdav/ocdav.go b/internal/http/services/owncloud/ocdav/ocdav.go index bb36032222..ef9e39cd6b 100644 --- a/internal/http/services/owncloud/ocdav/ocdav.go +++ b/internal/http/services/owncloud/ocdav/ocdav.go @@ -113,6 +113,8 @@ func (s *svc) Handler() http.Handler { // the webdav api is accessible from anywhere w.Header().Set("Access-Control-Allow-Origin", "*") + w.Header().Add("Access-Control-Allow-Headers", "Upload-Offset, Location, Upload-Length, Tus-Version, Tus-Resumable, Tus-Max-Size, Tus-Extension, Upload-Metadata, Upload-Defer-Length, Upload-Concat") + w.Header().Add("Access-Control-Expose-Headers", "Upload-Offset, Location, Upload-Length, Tus-Version, Tus-Resumable, Tus-Max-Size, Tus-Extension, Upload-Metadata, Upload-Defer-Length, Upload-Concat") // TODO(jfd): do we need this? // fake litmus testing for empty namespace: see https://github.com/golang/net/blob/e514e69ffb8bc3c76a71ae40de0118d794855992/webdav/litmus_test_server.go#L58-L89