From 166ff8a050396ea0b23d921400278112d0ab9436 Mon Sep 17 00:00:00 2001 From: Jordan Wright Date: Sun, 24 Jan 2021 14:01:40 -0600 Subject: [PATCH] Add PUT and DELETE methods for CORS handling. Fixes #2098 --- middleware/middleware.go | 2 +- middleware/middleware_test.go | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/middleware/middleware.go b/middleware/middleware.go index 85a32b05..0ad5e33e 100644 --- a/middleware/middleware.go +++ b/middleware/middleware.go @@ -77,7 +77,7 @@ func RequireAPIKey(handler http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Access-Control-Allow-Origin", "*") if r.Method == "OPTIONS" { - w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS") + w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE") w.Header().Set("Access-Control-Max-Age", "1000") w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept") return diff --git a/middleware/middleware_test.go b/middleware/middleware_test.go index d7f15786..ce814714 100644 --- a/middleware/middleware_test.go +++ b/middleware/middleware_test.go @@ -133,6 +133,18 @@ func TestRequireAPIKey(t *testing.T) { } } +func TestCORSHeaders(t *testing.T) { + setupTest(t) + req := httptest.NewRequest(http.MethodOptions, "/", nil) + response := httptest.NewRecorder() + RequireAPIKey(successHandler).ServeHTTP(response, req) + expected := "POST, GET, OPTIONS, PUT, DELETE" + got := response.Result().Header.Get("Access-Control-Allow-Methods") + if got != expected { + t.Fatalf("incorrect cors options received. expected %s got %s", expected, got) + } +} + func TestInvalidAPIKey(t *testing.T) { setupTest(t) req := httptest.NewRequest(http.MethodGet, "/", nil)