CORS: cors handling should be before auth handling. cors should allow PUT.

9 years ago · 81b255511f
parent ed69c58490
commit 81b255511f
2 changed files with 3 additions and 3 deletions
--- a/generic-handlers.go
+++ b/generic-handlers.go
@ -126,7 +126,7 @@ func (h timeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 func CorsHandler(h http.Handler) http.Handler {
 	c := cors.New(cors.Options{
 		AllowedOrigins: []string{"*"},
-		AllowedMethods: []string{"GET", "HEAD", "POST"},
+		AllowedMethods: []string{"GET", "HEAD", "POST", "PUT"},
 		AllowedHeaders: []string{"*"},
 	})
 	return c.Handler(h)
--- a/routers.go
+++ b/routers.go
@ -58,8 +58,8 @@ type WebAPI struct {
 func getWebAPIHandler(web *WebAPI) http.Handler {
 	var mwHandlers = []MiddlewareHandler{
 		TimeValidityHandler, // Validate time.
-		CorsHandler,         // CORS added only for testing purposes.
 		AuthHandler,         // Authentication handler for verifying tokens.
+		CorsHandler,         // CORS added only for testing purposes.
 	}
 	if web.AccessLog {
 		mwHandlers = append(mwHandlers, AccessLogHandler)
@ -157,7 +157,6 @@ func getNewCloudStorageAPI(conf cloudServerConfig) CloudStorageAPI {

 func getCloudStorageAPIHandler(api CloudStorageAPI) http.Handler {
 	var mwHandlers = []MiddlewareHandler{
-		CorsHandler,
 		TimeValidityHandler,
 		IgnoreResourcesHandler,
 		IgnoreSignatureV2RequestHandler,
@ -168,6 +167,7 @@ func getCloudStorageAPIHandler(api CloudStorageAPI) http.Handler {
 	if api.AccessLog {
 		mwHandlers = append(mwHandlers, AccessLogHandler)
 	}
+	mwHandlers = append(mwHandlers, CorsHandler)
 	mux := router.NewRouter()
 	registerCloudStorageAPI(mux, api)
 	return registerCustomMiddleware(mux, mwHandlers...)