fix: allow all cors headers and methods (#225)

2024-10-02 22:13:57 +00:00 · 2023-06-02 19:07:43 +08:00 · 2023-06-02 19:07:43 +08:00 · 27c269d6a0
parent 57b4a74279
commit 27c269d6a0
2 changed files with 6 additions and 8 deletions
--- a/src/server.rs
+++ b/src/server.rs
@ -1286,17 +1286,15 @@ fn add_cors(res: &mut Response) {
        .typed_insert(AccessControlAllowCredentials);
    res.headers_mut().insert(
        "Access-Control-Allow-Methods",
-        HeaderValue::from_static("GET,HEAD,PUT,OPTIONS,DELETE,PROPFIND,COPY,MOVE"),
+        HeaderValue::from_static("*"),
    );
    res.headers_mut().insert(
        "Access-Control-Allow-Headers",
-        HeaderValue::from_static("Authorization,Destination,Range,Content-Type"),
+        HeaderValue::from_static("Authorization,*"),
    );
    res.headers_mut().insert(
        "Access-Control-Expose-Headers",
-        HeaderValue::from_static(
+        HeaderValue::from_static("Authorization,*"),
            "WWW-Authenticate,Content-Range,Accept-Ranges,Content-Disposition",
        ),
    );
 }
--- a/tests/cors.rs
+++ b/tests/cors.rs
@ -19,15 +19,15 @@ fn cors(#[with(&["--enable-cors"])] server: TestServer) -> Result<(), Error> {
    );
    assert_eq!(
        resp.headers().get("access-control-allow-methods").unwrap(),
-        "GET,HEAD,PUT,OPTIONS,DELETE,PROPFIND,COPY,MOVE"
+        "*"
    );
    assert_eq!(
        resp.headers().get("access-control-allow-headers").unwrap(),
-        "Authorization,Destination,Range,Content-Type"
+        "Authorization,*"
    );
    assert_eq!(
        resp.headers().get("access-control-expose-headers").unwrap(),
-        "WWW-Authenticate,Content-Range,Accept-Ranges,Content-Disposition"
+        "Authorization,*"
    );
    Ok(())
 }