http: enable methods used with WebDAV - fixes #7444

Without this, requests like PROPFIND, issued from a browser, fail.
2023-11-22 13:23:34 +01:00 · 2023-11-22 13:23:34 +01:00 · 5fba502516
parent ba11040d6b
commit 5fba502516
2 changed files with 2 additions and 2 deletions
--- a/lib/http/middleware.go
+++ b/lib/http/middleware.go
@ -183,8 +183,8 @@ func MiddlewareCORS(allowOrigin string) Middleware {

 			if allowOrigin != "" {
 				w.Header().Add("Access-Control-Allow-Origin", allowOrigin)
-				w.Header().Add("Access-Control-Request-Method", "POST, OPTIONS, GET, HEAD")
 				w.Header().Add("Access-Control-Allow-Headers", "authorization, Content-Type")
+				w.Header().Add("Access-Control-Allow-Methods", "COPY, DELETE, GET, HEAD, LOCK, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, TRACE, UNLOCK")
 			}

 			next.ServeHTTP(w, r)
--- a/lib/http/middleware_test.go
+++ b/lib/http/middleware_test.go
@ -323,8 +323,8 @@ func TestMiddlewareAuthCertificateUser(t *testing.T) {

 var _testCORSHeaderKeys = []string{
 	"Access-Control-Allow-Origin",
-	"Access-Control-Request-Method",
 	"Access-Control-Allow-Headers",
+	"Access-Control-Allow-Methods",
 }

 func TestMiddlewareCORS(t *testing.T) {