From bb9a5fbe9216da0402c540aaa9726281de7f6053 Mon Sep 17 00:00:00 2001
From: Arnaud <arno.deville@gmail.com>
Date: Wed, 14 Aug 2024 23:08:04 +0200
Subject: [PATCH] Add OPTIONS endpoint to allow the content-type header for the
 upload endpoint (#869)

* Add OPTIONS endpoint to allow the content-type header
exec git commit --amend --no-edit -S

* Remove useless header "Access-Control-Headers" and add cache

Signed-off-by: Arnaud <arnaud@status.im>

---------

Signed-off-by: Arnaud <arnaud@status.im>
Co-authored-by: Giuliano Mega <giuliano.mega@gmail.com>
---
 codex/rest/api.nim | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/codex/rest/api.nim b/codex/rest/api.nim
index d44cffa4..b209e7c9 100644
--- a/codex/rest/api.nim
+++ b/codex/rest/api.nim
@@ -110,6 +110,20 @@ proc retrieveCid(
 proc initDataApi(node: CodexNodeRef, repoStore: RepoStore, router: var RestRouter) =
   let allowedOrigin = router.allowedOrigin # prevents capture inside of api defintion
 
+  router.api(
+    MethodOptions,
+    "/api/codex/v1/data") do (
+       resp: HttpResponseRef) -> RestApiResponse:
+
+      if corsOrigin =? allowedOrigin:
+        resp.setHeader("Access-Control-Allow-Origin", corsOrigin)
+        resp.setHeader("Access-Control-Allow-Methods", "POST, OPTIONS")
+        resp.setHeader("Access-Control-Allow-Headers", "content-type")
+        resp.setHeader("Access-Control-Max-Age", "86400")
+
+      resp.status = Http204
+      await resp.sendBody("")
+
   router.rawApi(
     MethodPost,
     "/api/codex/v1/data") do (