Browse Source

Add PUT and DELETE methods for CORS handling. Fixes #2098

pull/2105/head
Jordan Wright 5 months ago
parent
commit
166ff8a050
2 changed files with 13 additions and 1 deletions
  1. +1
    -1
      middleware/middleware.go
  2. +12
    -0
      middleware/middleware_test.go

+ 1
- 1
middleware/middleware.go View File

@ -77,7 +77,7 @@ func RequireAPIKey(handler http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Access-Control-Allow-Origin", "*")
if r.Method == "OPTIONS" {
w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
w.Header().Set("Access-Control-Max-Age", "1000")
w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
return

+ 12
- 0
middleware/middleware_test.go View File

@ -133,6 +133,18 @@ func TestRequireAPIKey(t *testing.T) {
}
}
func TestCORSHeaders(t *testing.T) {
setupTest(t)
req := httptest.NewRequest(http.MethodOptions, "/", nil)
response := httptest.NewRecorder()
RequireAPIKey(successHandler).ServeHTTP(response, req)
expected := "POST, GET, OPTIONS, PUT, DELETE"
got := response.Result().Header.Get("Access-Control-Allow-Methods")
if got != expected {
t.Fatalf("incorrect cors options received. expected %s got %s", expected, got)
}
}
func TestInvalidAPIKey(t *testing.T) {
setupTest(t)
req := httptest.NewRequest(http.MethodGet, "/", nil)

Loading…
Cancel
Save