diff --git a/http/errors_test.go b/http/errors_test.go index 48b8359319ac8c95fc693b3e9bb397bc2c1b1e1d..e0ece23ec089d2d0c4174b020cb4130707dd49a2 100644 --- a/http/errors_test.go +++ b/http/errors_test.go @@ -165,7 +165,7 @@ func TestUnhandledMethod(t *testing.T) { AllowGet: false, Code: http.StatusMethodNotAllowed, ResHeaders: map[string]string{ - "Allow": "POST, HEAD, OPTIONS", + "Allow": "OPTIONS, POST", }, } tc.test(t) diff --git a/http/handler.go b/http/handler.go index a1756f6d51a1b2b0e05c40cb8ae2e12485336808..9afd4a4d6752274b54e33a2665a243ad6b3fabdf 100644 --- a/http/handler.go +++ b/http/handler.go @@ -5,6 +5,7 @@ import ( "errors" "net/http" "runtime/debug" + "strings" "sync" "time" @@ -106,7 +107,7 @@ func (h *handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { // The CORS library handles all other requests. // Tell the user the allowed methods, and return. - setAllowedHeaders(w, h.cfg.AllowGet) + setAllowHeader(w, h.cfg.AllowGet) w.WriteHeader(http.StatusNoContent) return case http.MethodPost: @@ -116,7 +117,7 @@ func (h *handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { } fallthrough default: - setAllowedHeaders(w, h.cfg.AllowGet) + setAllowHeader(w, h.cfg.AllowGet) http.Error(w, "405 - Method Not Allowed", http.StatusMethodNotAllowed) log.Warnf("The IPFS API does not support %s requests.", r.Method) return @@ -191,11 +192,10 @@ func (h *handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { h.root.Call(req, re, h.env) } -func setAllowedHeaders(w http.ResponseWriter, allowGet bool) { - w.Header().Add("Allow", http.MethodHead) - w.Header().Add("Allow", http.MethodOptions) - w.Header().Add("Allow", http.MethodPost) +func setAllowHeader(w http.ResponseWriter, allowGet bool) { + allowedMethods := []string{http.MethodOptions, http.MethodPost} if allowGet { - w.Header().Add("Allow", http.MethodGet) + allowedMethods = append(allowedMethods, http.MethodHead, http.MethodGet) } + w.Header().Set("Allow", strings.Join(allowedMethods, ", ")) }