From 55f904556133406af186328530471a92de39902b Mon Sep 17 00:00:00 2001
From: Brandon Philips <brandon@ifup.co>
Date: Fri, 18 Oct 2013 11:43:16 -0700
Subject: [PATCH] fix(handlers): add Access-Control-Allow-Methods to cors

This is needed to have CORs work properly. Fixes #252
---
 etcd_handlers.go | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/etcd_handlers.go b/etcd_handlers.go
index cc0c79a6d..73c144fd7 100644
--- a/etcd_handlers.go
+++ b/etcd_handlers.go
@@ -53,18 +53,21 @@ type errorHandler func(http.ResponseWriter, *http.Request) error
 // provided allowed origins and sets the Access-Control-Allow-Origin header if
 // there is a match.
 func addCorsHeader(w http.ResponseWriter, r *http.Request) {
-	val, ok := corsList["*"]
-	if val && ok {
-		w.Header().Add("Access-Control-Allow-Origin", "*")
+	addHeaders := func(origin string) bool {
+		val, ok := corsList[origin]
+		if val == false || ok == false {
+			return false
+		}
+		w.Header().Add("Access-Control-Allow-Origin", origin)
+		w.Header().Add("Access-Control-Allow-Methods", "POST, GET, PUT, DELETE, OPTIONS")
+		return true
+	}
+
+	if addHeaders("*") == true {
 		return
 	}
 
-	requestOrigin := r.Header.Get("Origin")
-	val, ok = corsList[requestOrigin]
-	if val && ok {
-		w.Header().Add("Access-Control-Allow-Origin", requestOrigin)
-		return
-	}
+	addHeaders(r.Header.Get("Origin"))
 }
 
 func (fn errorHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {