Fix shared audio/video viewer: add CORS and Content-Type headers to public endpoints

2026-01-25 02:47:39 +01:00
parent 290556e602
commit 1f3b70ba74
1 changed files with 33 additions and 2 deletions
--- a/go_cloud/internal/http/routes.go
+++ b/go_cloud/internal/http/routes.go
@@ -2962,6 +2962,11 @@ func publicFileShareHandler(w http.ResponseWriter, r *http.Request, db *database
 	viewerSession.Capabilities.IsPdf = isPdf
 	viewerSession.Capabilities.MimeType = mimeType

+	// Add CORS headers for public access
+	w.Header().Set("Access-Control-Allow-Origin", "*")
+	w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS")
+	w.Header().Set("Access-Control-Allow-Headers", "Range")
+
 	w.Header().Set("Content-Type", "application/json")
 	json.NewEncoder(w).Encode(viewerSession)
 }
@@ -3032,6 +3037,9 @@ func publicFileDownloadHandler(w http.ResponseWriter, r *http.Request, db *datab
 		return
 	}

+	// Determine MIME type
+	mimeType := getMimeType(file.Name)
+
 	// Get WebDAV client for the file's owner
 	client, err := getUserWebDAVClient(r.Context(), db, *file.UserID, cfg.NextcloudURL, cfg.NextcloudUser, cfg.NextcloudPass)
 	if err != nil {
@@ -3049,11 +3057,21 @@ func publicFileDownloadHandler(w http.ResponseWriter, r *http.Request, db *datab
 	}
 	defer resp.Body.Close()

-	// Copy headers
+	// Add CORS headers for public access
+	w.Header().Set("Access-Control-Allow-Origin", "*")
+	w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS")
+	w.Header().Set("Access-Control-Allow-Headers", "Range")
+
+	// Copy headers from Nextcloud response
 	for k, v := range resp.Header {
 		w.Header()[k] = v
 	}

+	// Ensure Content-Type is set
+	if w.Header().Get("Content-Type") == "" {
+		w.Header().Set("Content-Type", mimeType)
+	}
+
 	// Ensure download behavior
 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", file.Name))

@@ -3127,6 +3145,9 @@ func publicFileViewHandler(w http.ResponseWriter, r *http.Request, db *database.
 		return
 	}

+	// Determine MIME type
+	mimeType := getMimeType(file.Name)
+
 	// Get WebDAV client for the file's owner
 	client, err := getUserWebDAVClient(r.Context(), db, *file.UserID, cfg.NextcloudURL, cfg.NextcloudUser, cfg.NextcloudPass)
 	if err != nil {
@@ -3144,11 +3165,21 @@ func publicFileViewHandler(w http.ResponseWriter, r *http.Request, db *database.
 	}
 	defer resp.Body.Close()

-	// Copy headers
+	// Add CORS headers for public access
+	w.Header().Set("Access-Control-Allow-Origin", "*")
+	w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS")
+	w.Header().Set("Access-Control-Allow-Headers", "Range")
+
+	// Copy headers from Nextcloud response
 	for k, v := range resp.Header {
 		w.Header()[k] = v
 	}

+	// Ensure Content-Type is set
+	if w.Header().Get("Content-Type") == "" {
+		w.Header().Set("Content-Type", mimeType)
+	}
+
 	// Ensure inline viewing behavior (no Content-Disposition attachment)
 	w.Header().Del("Content-Disposition")
 	w.Header().Set("Content-Disposition", fmt.Sprintf("inline; filename=\"%s\"", file.Name))