From 4cb45bd398afd7966cec5d4dfa4dd325c114f93c Mon Sep 17 00:00:00 2001
From: Alex Auvolat <lx@deuxfleurs.fr>
Date: Tue, 28 Jan 2025 18:15:36 +0100
Subject: admin api: fix CORS to work in browser

---
 src/api/admin/special.rs | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'src/api/admin/special.rs')

diff --git a/src/api/admin/special.rs b/src/api/admin/special.rs
index 0239021a..da3764d9 100644
--- a/src/api/admin/special.rs
+++ b/src/api/admin/special.rs
@@ -2,7 +2,9 @@ use std::sync::Arc;
 
 use async_trait::async_trait;
 
-use http::header::{ACCESS_CONTROL_ALLOW_METHODS, ACCESS_CONTROL_ALLOW_ORIGIN, ALLOW};
+use http::header::{
+	ACCESS_CONTROL_ALLOW_HEADERS, ACCESS_CONTROL_ALLOW_METHODS, ACCESS_CONTROL_ALLOW_ORIGIN, ALLOW,
+};
 use hyper::{Response, StatusCode};
 
 use garage_model::garage::Garage;
@@ -20,9 +22,10 @@ impl EndpointHandler for OptionsRequest {
 
 	async fn handle(self, _garage: &Arc<Garage>) -> Result<Response<ResBody>, Error> {
 		Ok(Response::builder()
-			.status(StatusCode::NO_CONTENT)
-			.header(ALLOW, "OPTIONS, GET, POST")
-			.header(ACCESS_CONTROL_ALLOW_METHODS, "OPTIONS, GET, POST")
+			.status(StatusCode::OK)
+			.header(ALLOW, "OPTIONS,GET,POST")
+			.header(ACCESS_CONTROL_ALLOW_METHODS, "OPTIONS,GET,POST")
+			.header(ACCESS_CONTROL_ALLOW_HEADERS, "authorization,content-type")
 			.header(ACCESS_CONTROL_ALLOW_ORIGIN, "*")
 			.body(empty_body())?)
 	}
-- 
cgit v1.2.3