http: fix webdav OPTIONS response (#6433)

This commit is contained in:
yuudi 2023-07-30 18:59:54 +00:00 committed by Nick Craig-Wood
parent 5e3bf50b2e
commit 88c72d1f4d
3 changed files with 15 additions and 9 deletions

View file

@ -62,6 +62,11 @@ func basicAuth(authenticator *LoggedBasicAuth) func(next http.Handler) http.Hand
next.ServeHTTP(w, r)
return
}
// skip auth for CORS preflight
if r.Method == "OPTIONS" {
next.ServeHTTP(w, r)
return
}
username := authenticator.CheckAuth(r)
if username == "" {
@ -123,6 +128,11 @@ func MiddlewareAuthCustom(fn CustomAuthFn, realm string, userFromContext bool) M
next.ServeHTTP(w, r)
return
}
// skip auth for CORS preflight
if r.Method == "OPTIONS" {
next.ServeHTTP(w, r)
return
}
user, pass, ok := parseAuthorization(r)
if !ok && userFromContext {
@ -177,13 +187,6 @@ func MiddlewareCORS(allowOrigin string) Middleware {
w.Header().Add("Access-Control-Allow-Headers", "authorization, Content-Type")
}
if r.Method == "OPTIONS" {
w.WriteHeader(http.StatusOK)
return
// Because CORS preflight OPTIONS requests are not authenticated,
// and require a 200 OK response, we will return early here.
}
next.ServeHTTP(w, r)
})
}

View file

@ -459,8 +459,7 @@ func TestMiddlewareCORSWithAuth(t *testing.T) {
require.NoError(t, s.Shutdown())
}()
expected := []byte("data")
s.Router().Mount("/", testEchoHandler(expected))
s.Router().Mount("/", testEmptyHandler())
s.Serve()
url := testGetServerURL(t, s)

View file

@ -14,6 +14,10 @@ import (
"github.com/stretchr/testify/require"
)
func testEmptyHandler() http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
}
func testEchoHandler(data []byte) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
_, _ = w.Write(data)