b0esche/b0esche_cloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix shared audio/video viewer: add CORS and Content-Type headers to public endpoints

Browse Source
This commit is contained in:
Leon Bösche
2026-01-25 02:47:39 +01:00
parent 290556e602
commit 1f3b70ba74
1 changed files with 33 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
go_cloud/internal/http/routes.go
View File

@@ -2962,6 +2962,11 @@ func publicFileShareHandler(w http.ResponseWriter, r *http.Request, db *database
viewerSession.Capabilities.IsPdf = isPdf viewerSession.Capabilities.IsPdf = isPdf
viewerSession.Capabilities.MimeType = mimeType viewerSession.Capabilities.MimeType = mimeType
// Add CORS headers for public access
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS")
w.Header().Set("Access-Control-Allow-Headers", "Range")
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(viewerSession) json.NewEncoder(w).Encode(viewerSession)
} }
@@ -3032,6 +3037,9 @@ func publicFileDownloadHandler(w http.ResponseWriter, r *http.Request, db *datab
return return
} }
// Determine MIME type
mimeType := getMimeType(file.Name)
// Get WebDAV client for the file's owner // Get WebDAV client for the file's owner
client, err := getUserWebDAVClient(r.Context(), db, *file.UserID, cfg.NextcloudURL, cfg.NextcloudUser, cfg.NextcloudPass) client, err := getUserWebDAVClient(r.Context(), db, *file.UserID, cfg.NextcloudURL, cfg.NextcloudUser, cfg.NextcloudPass)
if err != nil { if err != nil {
@@ -3049,11 +3057,21 @@ func publicFileDownloadHandler(w http.ResponseWriter, r *http.Request, db *datab
} }
defer resp.Body.Close() defer resp.Body.Close()
// Copy headers // Add CORS headers for public access
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS")
w.Header().Set("Access-Control-Allow-Headers", "Range")
// Copy headers from Nextcloud response
for k, v := range resp.Header { for k, v := range resp.Header {
w.Header()[k] = v w.Header()[k] = v
} }
// Ensure Content-Type is set
if w.Header().Get("Content-Type") == "" {
w.Header().Set("Content-Type", mimeType)
}
// Ensure download behavior // Ensure download behavior
w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", file.Name)) w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", file.Name))
@@ -3127,6 +3145,9 @@ func publicFileViewHandler(w http.ResponseWriter, r *http.Request, db *database.
return return
} }
// Determine MIME type
mimeType := getMimeType(file.Name)
// Get WebDAV client for the file's owner // Get WebDAV client for the file's owner
client, err := getUserWebDAVClient(r.Context(), db, *file.UserID, cfg.NextcloudURL, cfg.NextcloudUser, cfg.NextcloudPass) client, err := getUserWebDAVClient(r.Context(), db, *file.UserID, cfg.NextcloudURL, cfg.NextcloudUser, cfg.NextcloudPass)
if err != nil { if err != nil {
@@ -3144,11 +3165,21 @@ func publicFileViewHandler(w http.ResponseWriter, r *http.Request, db *database.
} }
defer resp.Body.Close() defer resp.Body.Close()
// Copy headers // Add CORS headers for public access
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS")
w.Header().Set("Access-Control-Allow-Headers", "Range")
// Copy headers from Nextcloud response
for k, v := range resp.Header { for k, v := range resp.Header {
w.Header()[k] = v w.Header()[k] = v
} }
// Ensure Content-Type is set
if w.Header().Get("Content-Type") == "" {
w.Header().Set("Content-Type", mimeType)
}
// Ensure inline viewing behavior (no Content-Disposition attachment) // Ensure inline viewing behavior (no Content-Disposition attachment)
w.Header().Del("Content-Disposition") w.Header().Del("Content-Disposition")
w.Header().Set("Content-Disposition", fmt.Sprintf("inline; filename=\"%s\"", file.Name)) w.Header().Set("Content-Disposition", fmt.Sprintf("inline; filename=\"%s\"", file.Name))