Force correct Content-Type for public files and add OPTIONS handlers for CORS

go_cloud/internal/http/routes.go

@@ -356,12 +356,30 @@ func NewRouter(cfg *config.Config, db *database.DB, jwtManager *jwt.Manager, aut
 		r.Get("/share/{token}", func(w http.ResponseWriter, req *http.Request) {
 			publicFileShareHandler(w, req, db, jwtManager)
 		})
+		r.Options("/share/{token}", func(w http.ResponseWriter, req *http.Request) {
+			w.Header().Set("Access-Control-Allow-Origin", "*")
+			w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS")
+			w.Header().Set("Access-Control-Allow-Headers", "Range")
+			w.WriteHeader(http.StatusOK)
+		})
 		r.Get("/share/{token}/download", func(w http.ResponseWriter, req *http.Request) {
 			publicFileDownloadHandler(w, req, db, cfg, jwtManager)
 		})
+		r.Options("/share/{token}/download", func(w http.ResponseWriter, req *http.Request) {
+			w.Header().Set("Access-Control-Allow-Origin", "*")
+			w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS")
+			w.Header().Set("Access-Control-Allow-Headers", "Range")
+			w.WriteHeader(http.StatusOK)
+		})
 		r.Get("/share/{token}/view", func(w http.ResponseWriter, req *http.Request) {
 			publicFileViewHandler(w, req, db, cfg, jwtManager)
 		})
+		r.Options("/share/{token}/view", func(w http.ResponseWriter, req *http.Request) {
+			w.Header().Set("Access-Control-Allow-Origin", "*")
+			w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS")
+			w.Header().Set("Access-Control-Allow-Headers", "Range")
+			w.WriteHeader(http.StatusOK)
+		})
 	})
 
 	return r
@@ -3062,16 +3080,16 @@ func publicFileDownloadHandler(w http.ResponseWriter, r *http.Request, db *datab
 	w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS")
 	w.Header().Set("Access-Control-Allow-Headers", "Range")
 
-	// Copy headers from Nextcloud response
+	// Copy headers from Nextcloud response, but skip Content-Type to ensure correct MIME type
 	for k, v := range resp.Header {
+		if k != "Content-Type" {
 			w.Header()[k] = v
 		}
-
-	// Ensure Content-Type is set
-	if w.Header().Get("Content-Type") == "" {
-		w.Header().Set("Content-Type", mimeType)
 	}
 
+	// Set correct Content-Type based on file extension
+	w.Header().Set("Content-Type", mimeType)
+
 	// Ensure download behavior
 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", file.Name))
 
@@ -3170,16 +3188,16 @@ func publicFileViewHandler(w http.ResponseWriter, r *http.Request, db *database.
 	w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS")
 	w.Header().Set("Access-Control-Allow-Headers", "Range")
 
-	// Copy headers from Nextcloud response
+	// Copy headers from Nextcloud response, but skip Content-Type to ensure correct MIME type
 	for k, v := range resp.Header {
+		if k != "Content-Type" {
 			w.Header()[k] = v
 		}
-
-	// Ensure Content-Type is set
-	if w.Header().Get("Content-Type") == "" {
-		w.Header().Set("Content-Type", mimeType)
 	}
 
+	// Set correct Content-Type based on file extension
+	w.Header().Set("Content-Type", mimeType)
+
 	// Ensure inline viewing behavior (no Content-Disposition attachment)
 	w.Header().Del("Content-Disposition")
 	w.Header().Set("Content-Disposition", fmt.Sprintf("inline; filename=\"%s\"", file.Name))