Martchus
/
syncthing
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

lib/api: Fix /rest/config path and add methods to cors (ref #7001) (#7081)

This commit is contained in:
Simon Frei 2020-11-01 21:36:54 +01:00 committed by GitHub
parent 7dc0c6ab43
commit 4d1bcd718c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/api/api.go
View File

@ -302,7 +302,7 @@ func (s *service) serve(ctx context.Context) {
mut: sync.NewMutex(),
}
configBuilder.registerConfig("/rest/config/")
configBuilder.registerConfig("/rest/config")
configBuilder.registerConfigInsync("/rest/config/insync")
configBuilder.registerFolders("/rest/config/folders")
configBuilder.registerDevices("/rest/config/devices")
@ -504,7 +504,7 @@ func corsMiddleware(next http.Handler, allowFrameLoading bool) http.Handler {
// Add a generous access-control-allow-origin header for CORS requests
w.Header().Add("Access-Control-Allow-Origin", "*")
// Only GET/POST/OPTIONS Methods are supported
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS")
// Only these headers can be set
w.Header().Set("Access-Control-Allow-Headers", "Content-Type, X-API-Key")
// The request is meant to be cached 10 minutes

10
lib/api/api_test.go
View File

@ -403,6 +403,12 @@ func TestAPIServiceRequests(t *testing.T) {
},
// /rest/config
{
URL: "/rest/config",
Code: 200,
Type: "application/json",
Prefix: "",
},
{
URL: "/rest/config/folders",
Code: 200,
@ -1073,8 +1079,8 @@ func TestOptionsRequest(t *testing.T) {
if resp.Header.Get("Access-Control-Allow-Origin") != "*" {
t.Fatal("OPTIONS on /rest/system/status should return a 'Access-Control-Allow-Origin: *' header")
}
if resp.Header.Get("Access-Control-Allow-Methods") != "GET, POST, OPTIONS" {
t.Fatal("OPTIONS on /rest/system/status should return a 'Access-Control-Allow-Methods: GET, POST, OPTIONS' header")
if resp.Header.Get("Access-Control-Allow-Methods") != "GET, POST, PUT, PATCH, DELETE, OPTIONS" {
t.Fatal("OPTIONS on /rest/system/status should return a 'Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS' header")
}
if resp.Header.Get("Access-Control-Allow-Headers") != "Content-Type, X-API-Key" {
t.Fatal("OPTIONS on /rest/system/status should return a 'Access-Control-Allow-Headers: Content-Type, X-API-KEY' header")