Merge pull request #31 from vayam/master
Allow GET CORS requests, XSS protection and better content type
commit
e445d9c0ef
11
handler.go
11
handler.go
|
@ -145,7 +145,7 @@ func (handler *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
if r.Method == "OPTIONS" {
|
if r.Method == "OPTIONS" {
|
||||||
// Preflight request
|
// Preflight request
|
||||||
header.Set("Access-Control-Allow-Methods", "POST, HEAD, PATCH, OPTIONS")
|
header.Set("Access-Control-Allow-Methods", "POST, GET, HEAD, PATCH, DELETE, OPTIONS")
|
||||||
header.Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Upload-Length, Upload-Offset, Tus-Resumable, Upload-Metadata")
|
header.Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Upload-Length, Upload-Offset, Tus-Resumable, Upload-Metadata")
|
||||||
header.Set("Access-Control-Max-Age", "86400")
|
header.Set("Access-Control-Max-Age", "86400")
|
||||||
|
|
||||||
|
@ -158,6 +158,9 @@ func (handler *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
// Set current version used by the server
|
// Set current version used by the server
|
||||||
header.Set("Tus-Resumable", "1.0.0")
|
header.Set("Tus-Resumable", "1.0.0")
|
||||||
|
|
||||||
|
// Add nosniff to all responses https://golang.org/src/net/http/server.go#L1429
|
||||||
|
header.Set("X-Content-Type-Options", "nosniff")
|
||||||
|
|
||||||
// Set appropriated headers in case of OPTIONS method allowing protocol
|
// Set appropriated headers in case of OPTIONS method allowing protocol
|
||||||
// discovery and end with an 204 No Content
|
// discovery and end with an 204 No Content
|
||||||
if r.Method == "OPTIONS" {
|
if r.Method == "OPTIONS" {
|
||||||
|
@ -453,15 +456,15 @@ func (handler *Handler) sendError(w http.ResponseWriter, r *http.Request, err er
|
||||||
status = 500
|
status = 500
|
||||||
}
|
}
|
||||||
|
|
||||||
reason := err.Error()
|
reason := err.Error() + "\n"
|
||||||
if r.Method == "HEAD" {
|
if r.Method == "HEAD" {
|
||||||
reason = ""
|
reason = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
w.Header().Set("Content-Type", "text/plain")
|
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.Header().Set("Content-Length", strconv.Itoa(len(reason)))
|
w.Header().Set("Content-Length", strconv.Itoa(len(reason)))
|
||||||
w.WriteHeader(status)
|
w.WriteHeader(status)
|
||||||
w.Write([]byte(err.Error()))
|
w.Write([]byte(reason))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Make an absolute URLs to the given upload id. If the base path is absolute
|
// Make an absolute URLs to the given upload id. If the base path is absolute
|
||||||
|
|
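Review bot: In sendError the fallback `status = 500` path still sends `err.Error()` to the client verbatim, so errors that did not originate in the handler (presumably data-store or filesystem errors) can disclose paths or other internals in the response body. The new `text/plain; charset=utf-8` and `nosniff` headers stop the text being interpreted as HTML but do not limit what it says. Consider replacing the body for that case, e.g. `if status == http.StatusInternalServerError { reason = "internal server error\n" }` before the HEAD check, and recording the original error in the server log instead. sendError starts above this hunk, so how `status` is chosen is not visible here.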