fix: access-control-allow-methods header naming and value

nalgeon · Dec 20, 2023 · 162ca55 · 162ca55
1 parent 69d022c
commit 162ca55
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/internal/server/middleware.go b/internal/server/middleware.go
@@ -7,7 +7,7 @@ import "net/http"
 func enableCORS(handler func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("access-control-allow-origin", "*")
-		w.Header().Set("access-control-allow-method", "post")
+		w.Header().Set("access-control-allow-methods", "options, post")
 		w.Header().Set("access-control-allow-headers", "authorization, content-type")
 		w.Header().Set("access-control-max-age", "3600")
 		if r.Method == http.MethodOptions {

diff --git a/internal/server/middleware_test.go b/internal/server/middleware_test.go
@@ -31,8 +31,8 @@ func Test_enableCORS(t *testing.T) {
 		if w.Header().Get("access-control-allow-origin") != "*" {
 			t.Errorf("invalid access-control-allow-origin")
 		}
-		if w.Header().Get("access-control-allow-method") != "post" {
-			t.Errorf("invalid access-control-allow-method")
+		if w.Header().Get("access-control-allow-methods") != "options, post" {
+			t.Errorf("invalid access-control-allow-methods")
 		}
 		if w.Header().Get("access-control-allow-headers") != "authorization, content-type" {
 			t.Errorf("invalid access-control-allow-headers")