diff --git a/cors_test.go b/cors_test.go index 0dfb537..e7876e5 100644 --- a/cors_test.go +++ b/cors_test.go @@ -2,6 +2,7 @@ package tusd_test import ( "net/http" + "net/http/httptest" "testing" . "github.com/tus/tusd" @@ -46,4 +47,31 @@ func TestCORS(t *testing.T) { }, }).Run(handler, t) }) + + SubTest(t, "AppendHeaders", func(t *testing.T, store *MockFullDataStore) { + handler, _ := NewHandler(Config{ + DataStore: store, + }) + + req, _ := http.NewRequest("OPTIONS", "", nil) + req.Header.Set("Tus-Resumable", "1.0.0") + req.Header.Set("Origin", "tus.io") + req.Host = "tus.io" + + res := httptest.NewRecorder() + res.HeaderMap.Set("Access-Control-Allow-Headers", "HEADER") + res.HeaderMap.Set("Access-Control-Allow-Methods", "METHOD") + handler.ServeHTTP(res, req) + + headers := res.HeaderMap["Access-Control-Allow-Headers"] + methods := res.HeaderMap["Access-Control-Allow-Methods"] + + if headers[0] != "HEADER" { + t.Errorf("expected header to contain HEADER but got: %#v", headers) + } + + if methods[0] != "METHOD" { + t.Errorf("expected header to contain HEADER but got: %#v", methods) + } + }) } diff --git a/docs/hooks.md b/docs/hooks.md index 55d6101..a76c960 100644 --- a/docs/hooks.md +++ b/docs/hooks.md @@ -50,6 +50,8 @@ The process of the hook files are provided with information about the event and } ``` +Be aware that this environment does *not* contain direct data from any HTTP request, in particular not any header values or cookies. If you would like to pass information from the client to the hook, such as authentication details, you may wish to use the [metadata system](http://tus.io/protocols/resumable-upload.html#upload-metadata). + ## Blocking and Non-Blocking Hooks If not otherwise noted, all hooks are invoked in a *non-blocking* way, meaning that tusd will not wait until the hook process has finished and exited. Therefore, the hook process is not able to influence how tusd may continue handling the current request, regardless of which exit code it may set. Furthermore, the hook process' stdout and stderr will be piped to tusd's stdout and stderr correspondingly, allowing one to use these channels for additional logging. diff --git a/unrouted_handler.go b/unrouted_handler.go index 0e10248..0cd6c6a 100644 --- a/unrouted_handler.go +++ b/unrouted_handler.go @@ -157,13 +157,13 @@ func (handler *UnroutedHandler) Middleware(h http.Handler) http.Handler { if r.Method == "OPTIONS" { // Preflight request - header.Set("Access-Control-Allow-Methods", "POST, GET, HEAD, PATCH, DELETE, OPTIONS") - header.Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Upload-Length, Upload-Offset, Tus-Resumable, Upload-Metadata") + header.Add("Access-Control-Allow-Methods", "POST, GET, HEAD, PATCH, DELETE, OPTIONS") + header.Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Upload-Length, Upload-Offset, Tus-Resumable, Upload-Metadata") header.Set("Access-Control-Max-Age", "86400") } else { // Actual request - header.Set("Access-Control-Expose-Headers", "Upload-Offset, Location, Upload-Length, Tus-Version, Tus-Resumable, Tus-Max-Size, Tus-Extension, Upload-Metadata") + header.Add("Access-Control-Expose-Headers", "Upload-Offset, Location, Upload-Length, Tus-Version, Tus-Resumable, Tus-Max-Size, Tus-Extension, Upload-Metadata") } }