Merge pull request #495 from jvlcek/bz_1599259_CORS

Add subcollection options support for CORS prefilghted requests (cherry picked from commit 3502e51) https://bugzilla.redhat.com/show_bug.cgi?id=1599259
ManageIQ · Oct 18, 2018 · 9b4e420 · 9b4e420
1 parent 50eef54
commit 9b4e420
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 1 deletion.
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
@@ -103,7 +103,11 @@ def destroy
     end
 
     def options
-      render_options(@req.collection)
+      if params.key?(:subcollection)
+        render :json => ""
+      else
+        render_options(@req.collection)
+      end
     end
 
     def settings

diff --git a/config/routes.rb b/config/routes.rb
@@ -53,6 +53,9 @@
         end
 
         Array(collection.subcollections).each do |subcollection_name|
+          # OPTIONS action for each subcollection
+          match "/:c_id/#{subcollection_name}", :controller => collection_name, :action => :options, :via => :options, :as => nil, :subcollection => true
+
           if subcollection_name == :settings
             match(
               "/:c_id/settings",

diff --git a/spec/requests/tenant_quotas_spec.rb b/spec/requests/tenant_quotas_spec.rb
@@ -131,6 +131,12 @@
       expect(response).to have_http_status(:no_content)
     end
 
+    it "supports OPTIONS requests on a subcollection without authorization" do
+      options api_tenant_quotas_url(nil, tenant)
+      expect(response).to have_http_status(:ok)
+      expect(response.body).to be_empty
+    end
+
     it "can delete multiple quotas from a tenant with POST" do
       api_basic_authorize action_identifier(:quotas, :delete, :subcollection_actions, :post)