fix: allow all cors headers and methods (#225)

This commit is contained in:
sigoden 2023-06-02 19:07:43 +08:00 committed by GitHub
parent 57b4a74279
commit 27c269d6a0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 8 deletions

View file

@ -1286,17 +1286,15 @@ fn add_cors(res: &mut Response) {
.typed_insert(AccessControlAllowCredentials);
res.headers_mut().insert(
"Access-Control-Allow-Methods",
HeaderValue::from_static("GET,HEAD,PUT,OPTIONS,DELETE,PROPFIND,COPY,MOVE"),
HeaderValue::from_static("*"),
);
res.headers_mut().insert(
"Access-Control-Allow-Headers",
HeaderValue::from_static("Authorization,Destination,Range,Content-Type"),
HeaderValue::from_static("Authorization,*"),
);
res.headers_mut().insert(
"Access-Control-Expose-Headers",
HeaderValue::from_static(
"WWW-Authenticate,Content-Range,Accept-Ranges,Content-Disposition",
),
HeaderValue::from_static("Authorization,*"),
);
}

View file

@ -19,15 +19,15 @@ fn cors(#[with(&["--enable-cors"])] server: TestServer) -> Result<(), Error> {
);
assert_eq!(
resp.headers().get("access-control-allow-methods").unwrap(),
"GET,HEAD,PUT,OPTIONS,DELETE,PROPFIND,COPY,MOVE"
"*"
);
assert_eq!(
resp.headers().get("access-control-allow-headers").unwrap(),
"Authorization,Destination,Range,Content-Type"
"Authorization,*"
);
assert_eq!(
resp.headers().get("access-control-expose-headers").unwrap(),
"WWW-Authenticate,Content-Range,Accept-Ranges,Content-Disposition"
"Authorization,*"
);
Ok(())
}