fix: allow all cors headers and methods (#225)

diff --git a/src/server.rs b/src/server.rs
index 880d3245b961f337627c61c539ad6960f2b67014..980b90139edad3688e7334478b470936c50acc86 100644 (file)
--- a/src/server.rs
+++ b/src/server.rs
@@ -1286,17 +1286,15 @@ fn add_cors(res: &mut Response) {
         .typed_insert(AccessControlAllowCredentials);
     res.headers_mut().insert(
         "Access-Control-Allow-Methods",
-        HeaderValue::from_static("GET,HEAD,PUT,OPTIONS,DELETE,PROPFIND,COPY,MOVE"),
+        HeaderValue::from_static("*"),
     );
     res.headers_mut().insert(
         "Access-Control-Allow-Headers",
-        HeaderValue::from_static("Authorization,Destination,Range,Content-Type"),
+        HeaderValue::from_static("Authorization,*"),
     );
     res.headers_mut().insert(
         "Access-Control-Expose-Headers",
-        HeaderValue::from_static(
-            "WWW-Authenticate,Content-Range,Accept-Ranges,Content-Disposition",
-        ),
+        HeaderValue::from_static("Authorization,*"),
     );
 }
 

diff --git a/tests/cors.rs b/tests/cors.rs
index d6ed521882a831ddc7b86508fe4998e5f2b2ddfb..54e12f62c0909df2f93784f057d4a5d10b0f4c2c 100644 (file)
--- a/tests/cors.rs
+++ b/tests/cors.rs
@@ -19,15 +19,15 @@ fn cors(#[with(&["--enable-cors"])] server: TestServer) -> Result<(), Error> {
     );
     assert_eq!(
         resp.headers().get("access-control-allow-methods").unwrap(),
-        "GET,HEAD,PUT,OPTIONS,DELETE,PROPFIND,COPY,MOVE"
+        "*"
     );
     assert_eq!(
         resp.headers().get("access-control-allow-headers").unwrap(),
-        "Authorization,Destination,Range,Content-Type"
+        "Authorization,*"
     );
     assert_eq!(
         resp.headers().get("access-control-expose-headers").unwrap(),
-        "WWW-Authenticate,Content-Range,Accept-Ranges,Content-Disposition"
+        "Authorization,*"
     );
     Ok(())
 }