authorAlex Auvolat <lx@deuxfleurs.fr>2025-01-28 18:15:36 +0100
committerAlex Auvolat <lx@deuxfleurs.fr>2025-01-29 19:26:16 +0100
commit4cb45bd398afd7966cec5d4dfa4dd325c114f93c (patch)
tree26373ab1007c21ff6fe810b64f74559710e115ad /src/api/admin
parentd5ad797ad762dee4fc1244ad15fbee208ae58480 (diff)
admin api: fix CORS to work in browser
Diffstat (limited to 'src/api/admin')
-rw-r--r--src/api/admin/api_server.rs9
-rw-r--r--src/api/admin/router_v2.rs1
-rw-r--r--src/api/admin/special.rs11
3 files changed, 15 insertions, 6 deletions
diff --git a/src/api/admin/api_server.rs b/src/api/admin/api_server.rs
index 82337b7e..92da3245 100644
--- a/src/api/admin/api_server.rs
+++ b/src/api/admin/api_server.rs
@@ -4,7 +4,7 @@ use std::sync::Arc;
use argon2::password_hash::PasswordHash;
use async_trait::async_trait;
-use http::header::AUTHORIZATION;
+use http::header::{HeaderValue, ACCESS_CONTROL_ALLOW_ORIGIN, AUTHORIZATION};
use hyper::{body::Incoming as IncomingBody, Request, Response, StatusCode};
use tokio::sync::watch;
@@ -134,6 +134,8 @@ impl ApiHandler for AdminApiServer {
Endpoint::New(_) => AdminApiRequest::from_request(req).await?,
};
+ info!("Admin request: {}", request.name());
+
let required_auth_hash =
match request.authorization_type() {
Authorization::None => None,
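Review bot: The added `info!("Admin request: {}", request.name());` runs before the authorization check that follows it, so every request produces an info-level entry that says nothing about whether it was authorized. This includes unauthenticated requests and the CORS preflights this commit maps to `Authorization::None`. For an admin API that makes the log easy to flood from the network and weak as an audit trail. Consider moving the line after the token check, or lowering it to `debug!("Admin request (pre-auth): {}", request.name());` and logging accepted and rejected requests separately. The enclosing handler starts and ends outside the hunk.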
@@ -162,7 +164,10 @@ impl ApiHandler for AdminApiServer {
AdminApiRequest::Metrics(_req) => self.handle_metrics(),
req => {
let res = req.handle(&self.garage).await?;
- json_ok_response(&res)
+ let mut res = json_ok_response(&res)?;
+ res.headers_mut()
+ .insert(ACCESS_CONTROL_ALLOW_ORIGIN, HeaderValue::from_static("*"));
+ Ok(res)
}
}
}
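Review bot: `Access-Control-Allow-Origin: *` is hard-coded on every JSON response of the admin API, and the preflight in `special.rs` pairs the same wildcard with `Access-Control-Allow-Headers: authorization`. A page from any origin can therefore call the API through a user's browser and read the reply, and for the endpoints marked `Authorization::None` in `router_v2.rs` it needs no token at all. That matters most when the admin port is reachable only from an internal network, because the browser then bridges an outside page to it. The allowed origin would be safer as a configuration value that sends no CORS header by default and is echoed, together with `Vary: Origin`, only when the request's `Origin` matches. Separately, the header is inserted only after `req.handle(&self.garage).await?` succeeds, so unless it is added elsewhere, error responses and the `handle_metrics()` arm presumably lack it and browser clients would see an opaque CORS failure instead of the error body.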
diff --git a/src/api/admin/router_v2.rs b/src/api/admin/router_v2.rs
index dacf6793..c7a5e316 100644
--- a/src/api/admin/router_v2.rs
+++ b/src/api/admin/router_v2.rs
@@ -219,6 +219,7 @@ impl AdminApiRequest {
/// Get the kind of authorization which is required to perform the operation.
pub fn authorization_type(&self) -> Authorization {
match self {
+ Self::Options(_) => Authorization::None,
Self::Health(_) => Authorization::None,
Self::CheckDomain(_) => Authorization::None,
Self::Metrics(_) => Authorization::MetricsToken,
diff --git a/src/api/admin/special.rs b/src/api/admin/special.rs
index 0239021a..da3764d9 100644
--- a/src/api/admin/special.rs
+++ b/src/api/admin/special.rs
@@ -2,7 +2,9 @@ use std::sync::Arc;
use async_trait::async_trait;
-use http::header::{ACCESS_CONTROL_ALLOW_METHODS, ACCESS_CONTROL_ALLOW_ORIGIN, ALLOW};
+use http::header::{
+ ACCESS_CONTROL_ALLOW_HEADERS, ACCESS_CONTROL_ALLOW_METHODS, ACCESS_CONTROL_ALLOW_ORIGIN, ALLOW,
+};
use hyper::{Response, StatusCode};
use garage_model::garage::Garage;
@@ -20,9 +22,10 @@ impl EndpointHandler for OptionsRequest {
async fn handle(self, _garage: &Arc<Garage>) -> Result<Response<ResBody>, Error> {
Ok(Response::builder()
- .status(StatusCode::NO_CONTENT)
- .header(ALLOW, "OPTIONS, GET, POST")
- .header(ACCESS_CONTROL_ALLOW_METHODS, "OPTIONS, GET, POST")
+ .status(StatusCode::OK)
+ .header(ALLOW, "OPTIONS,GET,POST")
+ .header(ACCESS_CONTROL_ALLOW_METHODS, "OPTIONS,GET,POST")
+ .header(ACCESS_CONTROL_ALLOW_HEADERS, "authorization,content-type")
.header(ACCESS_CONTROL_ALLOW_ORIGIN, "*")
.body(empty_body())?)
}
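Review bot: The preflight reply changes status from 204 to 200 and rewrites the method lists without spaces, but nothing in the code records which of these the browser actually required, so a later cleanup could revert them. A short comment above the builder would preserve that, for example `// CORS preflight reply: status and header values chosen for browser compatibility, do not reformat`. The response also sets no `Access-Control-Max-Age`, so browsers will tend to repeat the preflight often. If that traffic matters, `.header(ACCESS_CONTROL_MAX_AGE, "600")` (value shown as an example) would reduce it.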