diff --git a/lib/api/api.go b/lib/api/api.go index bcc685b20..e7e49b3f7 100644 --- a/lib/api/api.go +++ b/lib/api/api.go @@ -302,7 +302,7 @@ func (s *service) serve(ctx context.Context) { mut: sync.NewMutex(), } - configBuilder.registerConfig("/rest/config/") + configBuilder.registerConfig("/rest/config") configBuilder.registerConfigInsync("/rest/config/insync") configBuilder.registerFolders("/rest/config/folders") configBuilder.registerDevices("/rest/config/devices") @@ -504,7 +504,7 @@ func corsMiddleware(next http.Handler, allowFrameLoading bool) http.Handler { // Add a generous access-control-allow-origin header for CORS requests w.Header().Add("Access-Control-Allow-Origin", "*") // Only GET/POST/OPTIONS Methods are supported - w.Header().Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS") + w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS") // Only these headers can be set w.Header().Set("Access-Control-Allow-Headers", "Content-Type, X-API-Key") // The request is meant to be cached 10 minutes diff --git a/lib/api/api_test.go b/lib/api/api_test.go index 5fa0af3e2..de7e3a804 100644 --- a/lib/api/api_test.go +++ b/lib/api/api_test.go @@ -403,6 +403,12 @@ func TestAPIServiceRequests(t *testing.T) { }, // /rest/config + { + URL: "/rest/config", + Code: 200, + Type: "application/json", + Prefix: "", + }, { URL: "/rest/config/folders", Code: 200, @@ -1073,8 +1079,8 @@ func TestOptionsRequest(t *testing.T) { if resp.Header.Get("Access-Control-Allow-Origin") != "*" { t.Fatal("OPTIONS on /rest/system/status should return a 'Access-Control-Allow-Origin: *' header") } - if resp.Header.Get("Access-Control-Allow-Methods") != "GET, POST, OPTIONS" { - t.Fatal("OPTIONS on /rest/system/status should return a 'Access-Control-Allow-Methods: GET, POST, OPTIONS' header") + if resp.Header.Get("Access-Control-Allow-Methods") != "GET, POST, PUT, PATCH, DELETE, OPTIONS" { + t.Fatal("OPTIONS on /rest/system/status should return a 'Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS' header") } if resp.Header.Get("Access-Control-Allow-Headers") != "Content-Type, X-API-Key" { t.Fatal("OPTIONS on /rest/system/status should return a 'Access-Control-Allow-Headers: Content-Type, X-API-KEY' header")