fix(handlers): add Access-Control-Allow-Methods to cors

This is needed to have CORs work properly. Fixes #252

etcd_handlers.go

@@ -53,18 +53,21 @@ type errorHandler func(http.ResponseWriter, *http.Request) error
 // provided allowed origins and sets the Access-Control-Allow-Origin header if
 // there is a match.
 func addCorsHeader(w http.ResponseWriter, r *http.Request) {
-	val, ok := corsList["*"]
+	addHeaders := func(origin string) bool {
-	if val && ok {
+		val, ok := corsList[origin]
-		w.Header().Add("Access-Control-Allow-Origin", "*")
+		if val == false || ok == false {
+			return false
+		}
+		w.Header().Add("Access-Control-Allow-Origin", origin)
+		w.Header().Add("Access-Control-Allow-Methods", "POST, GET, PUT, DELETE, OPTIONS")
+		return true
+	}
+
+	if addHeaders("*") == true {
 		return
 	}
 
-	requestOrigin := r.Header.Get("Origin")
+	addHeaders(r.Header.Get("Origin"))
-	val, ok = corsList[requestOrigin]
-	if val && ok {
-		w.Header().Add("Access-Control-Allow-Origin", requestOrigin)
-		return
-	}
 }
 
 func (fn errorHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {