From 1a437d38555ace0123491ebd62dea451e3fb22c4 Mon Sep 17 00:00:00 2001 From: Kilowhisky Date: Mon, 6 May 2024 22:07:07 -0700 Subject: [PATCH] Access-Control-Allow-Headers is apparently required by the spec --- internal/server/server.go | 7 ++++--- tests/proto_test.go | 4 ++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/internal/server/server.go b/internal/server/server.go index 49b06488..910e83ec 100644 --- a/internal/server/server.go +++ b/internal/server/server.go @@ -1450,9 +1450,10 @@ func readNextHTTPCommand(packet []byte, argsIn [][]byte, msg *Message, wr io.Wri if wr == nil { return false, errors.New("connection is nil") } - corshead := "HTTP/1.1 204 No Content\r\n"+ - "Connection: close\r\n"+ - "Access-Control-Allow-Origin: *\r\n"+ + corshead := "HTTP/1.1 204 No Content\r\n" + + "Connection: close\r\n" + + "Access-Control-Allow-Origin: *\r\n" + + "Access-Control-Allow-Headers: *, Authorization\r\n" + "Access-Control-Allow-Methods: POST, GET, OPTIONS\r\n\r\n" if _, err = wr.Write([]byte(corshead)); err != nil { diff --git a/tests/proto_test.go b/tests/proto_test.go index 40f87dfe..80b74625 100644 --- a/tests/proto_test.go +++ b/tests/proto_test.go @@ -31,12 +31,16 @@ func proto_HTTP_CORS_test(mc *mockServer) error { } origin := resp.Header.Get("Access-Control-Allow-Origin") methods := resp.Header.Get("Access-Control-Allow-Methods") + headers := resp.Header.Get("Access-Control-Allow-Headers") if !(origin == "*" || origin == morigin) { return fmt.Errorf("expected http access-control-allow-origin value '*', got '%s'", origin) } if methods != "POST, GET, OPTIONS" { return fmt.Errorf("expected http access-control-allow-Methods value 'POST, GET, OPTIONS', got '%s'", methods) } + if headers != "*, Authorization" { + return fmt.Errorf("expected http access-control-allow-headers value '*, Authorization', got '%s'", headers) + } // Make the actual request now resp, err = http.Get(url)