Add Access-Control-Allow-Methods header

Add the Access-Control-Allow-Methods header so that DELETE operations are allowed. Also move the write CORS headers method before docker writes a 404 not found so that the client receives the correct response and not an invalid CORS request. Upstream-commit: 393e873d25093f579d1a293bc473007b04f3c239 Component: engine
2026-01-16 20:22:36 +03:00 · 2013-06-09 17:17:35 -09:00
parent 19f2b9dadf
commit cdea6dbd60
1 changed files with 4 additions and 3 deletions
--- a/components/engine/api.go
+++ b/components/engine/api.go
@@ -706,6 +706,7 @@ func postBuild(srv *Server, version float64, w http.ResponseWriter, r *http.Requ
 func writeCorsHeaders(w http.ResponseWriter, r *http.Request) {
 	w.Header().Add("Access-Control-Allow-Origin", "*")
 	w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
+	w.Header().Add("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS")
 }

 func ListenAndServe(addr string, srv *Server, logging bool) error {
@@ -774,13 +775,13 @@ func ListenAndServe(addr string, srv *Server, logging bool) error {
 				if err != nil {
 					version = API_VERSION
 				}
+				if srv.enableCors {
+					writeCorsHeaders(w, r)
+				}
 				if version == 0 || version > API_VERSION {
 					w.WriteHeader(http.StatusNotFound)
 					return
 				}
-				if srv.enableCors {
-					writeCorsHeaders(w, r)
-				}
 				if err := localFct(srv, version, w, r, mux.Vars(r)); err != nil {
 					httpError(w, err)
 				}