Story #14020
[keep-web] Instruct browsers to allow webdav headers in cross-origin requests
Start date:
08/20/2018
Due date:
% Done:
100%
Estimated time:
(Total: 0.00 h)
Story points:
0.5
Release:
Release relationship:
Auto
Description
Some WebDAV operations (like COPY and MOVE) supply flags/arguments as HTTP request headers (like Destination). In order for a web browser to use these, keep-web has to list them in the Access-Control-Allow-Headers header in its pre-flight response.
Currently keep-web sends
Access-Control-Allow-Headers: Authorization, Content-Type, RangeThe WebDAV request headers should be added:
- Depth
- Destination
- If
- Lock-Token
- Overwrite
- Timeout
ref: https://tools.ietf.org/html/rfc4918 section 21.3
Subtasks
Associated revisions
History
#1
Updated by Tom Morris over 2 years ago
- Target version set to 2018-09-05 Sprint
- Story points set to 0.5
#2
Updated by Peter Amstutz over 2 years ago
- Assigned To set to Peter Amstutz
#3
Updated by Peter Amstutz over 2 years ago
- Assigned To changed from Peter Amstutz to Fuad Muhic
#4
Updated by Peter Amstutz over 2 years ago
- Assigned To deleted (
Fuad Muhic)
#5
Updated by Tom Clegg over 2 years ago
- Status changed from New to In Progress
- Assigned To set to Tom Clegg
#6
Updated by Tom Clegg over 2 years ago
14020-webdav-cors @ 1a373b5f2c37cead0fe41482805fdb93ca871e37
#7
Updated by Peter Amstutz over 2 years ago
#8
Updated by Tom Clegg over 2 years ago
- Status changed from In Progress to Resolved
Applied in changeset arvados|5c1d46ab958097eb0da1ca692af23345e1faf66c.
#9
Updated by Ward Vandewege over 2 years ago
- Release set to 13
Merge branch '14020-webdav-cors'
closes #14020
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg@veritasgenetics.com>