Fix content negotiation

The Allow header is not for a list of methods. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Accept

When 405 is returned, then Allow is required to be provided and be a list of methods: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/405

Author: jcoyne

src/main/java/edu/illinois/library/cantaloupe/resource/AbstractResource.java

@@ -208,11 +208,11 @@ protected void doOPTIONS() {
         Method[] methods = getSupportedMethods();
         if (methods.length > 0) {
             response.setStatus(Status.NO_CONTENT.getCode());
-            response.setHeader("Allow", Arrays.stream(methods)
+            response.setHeader("Access-Control-Allow-Methods", Arrays.stream(methods)
                     .map(Method::toString)
                     .collect(Collectors.joining(",")));
         } else {
-            response.setStatus(Status.METHOD_NOT_ALLOWED.getCode());
+            response.setStatus(Status.NOT_ACCEPTABLE.getCode());
         }
     }
 

src/main/java/edu/illinois/library/cantaloupe/resource/iiif/v1/InformationResource.java

@@ -53,11 +53,11 @@ protected final void doOPTIONS() {
         if (methods.length > 0) {
             response.setStatus(Status.NO_CONTENT.getCode());
             response.setHeader("Access-Control-Allow-Headers", "Authorization");
-            response.setHeader("Allow", Arrays.stream(methods)
+            response.setHeader("Access-Control-Allow-Methods", Arrays.stream(methods)
                     .map(Method::toString)
                     .collect(Collectors.joining(",")));
         } else {
-            response.setStatus(Status.METHOD_NOT_ALLOWED.getCode());
+            response.setStatus(Status.NOT_ACCEPTABLE.getCode());
         }
     }
 

src/main/java/edu/illinois/library/cantaloupe/resource/iiif/v2/InformationResource.java

@@ -55,11 +55,11 @@ protected final void doOPTIONS() {
         if (methods.length > 0) {
             response.setStatus(Status.NO_CONTENT.getCode());
             response.setHeader("Access-Control-Allow-Headers", "Authorization");
-            response.setHeader("Allow", Arrays.stream(methods)
+            response.setHeader("Access-Control-Allow-Methods", Arrays.stream(methods)
                     .map(Method::toString)
                     .collect(Collectors.joining(",")));
         } else {
-            response.setStatus(Status.METHOD_NOT_ALLOWED.getCode());
+            response.setStatus(Status.NOT_ACCEPTABLE.getCode());
         }
     }
 

src/main/java/edu/illinois/library/cantaloupe/resource/iiif/v3/InformationResource.java

@@ -55,11 +55,11 @@ protected final void doOPTIONS() {
         if (methods.length > 0) {
             response.setStatus(Status.NO_CONTENT.getCode());
             response.setHeader("Access-Control-Allow-Headers", "Authorization");
-            response.setHeader("Allow", Arrays.stream(methods)
+            response.setHeader("Access-Control-Allow-Methods", Arrays.stream(methods)
                     .map(Method::toString)
                     .collect(Collectors.joining(",")));
         } else {
-            response.setStatus(Status.METHOD_NOT_ALLOWED.getCode());
+            response.setStatus(Status.NOT_ACCEPTABLE.getCode());
         }
     }
 

src/test/java/edu/illinois/library/cantaloupe/resource/LandingResourceTest.java

@@ -61,7 +61,7 @@ void testOPTIONS() throws Exception {
         assertEquals(204, response.getStatus());
 
         Headers headers = response.getHeaders();
-        List<String> methods = List.of(headers.getFirstValue("Allow").split(","));
+        List<String> methods = List.of(headers.getFirstValue("Access-Control-Allow-Methods").split(","));
         assertEquals(2, methods.size());
         assertTrue(methods.contains("GET"));
         assertTrue(methods.contains("OPTIONS"));

src/test/java/edu/illinois/library/cantaloupe/resource/admin/ConfigurationResourceTest.java

@@ -90,7 +90,7 @@ public void testOPTIONSWhenEnabled() throws Exception {
 
         Headers headers = response.getHeaders();
         List<String> methods =
-                List.of(StringUtils.split(headers.getFirstValue("Allow"), ", "));
+                List.of(StringUtils.split(headers.getFirstValue("Access-Control-Allow-Methods"), ", "));
         assertEquals(3, methods.size());
         assertTrue(methods.contains("GET"));
         assertTrue(methods.contains("PUT"));

src/test/java/edu/illinois/library/cantaloupe/resource/api/AbstractAPIResourceTest.java

@@ -68,7 +68,7 @@ public void testOPTIONSWhenEnabled() throws Exception {
 
         Headers headers = response.getHeaders();
         List<String> methods =
-                List.of(StringUtils.split(headers.getFirstValue("Allow"), ", "));
+                List.of(StringUtils.split(headers.getFirstValue("Access-Control-Allow-Methods"), ", "));
         assertEquals(2, methods.size());
         assertTrue(methods.contains("GET"));
         assertTrue(methods.contains("OPTIONS"));

src/test/java/edu/illinois/library/cantaloupe/resource/api/ConfigurationResourceTest.java

@@ -93,7 +93,7 @@ public void testOPTIONSWhenEnabled() throws Exception {
 
         Headers headers = response.getHeaders();
         List<String> methods =
-                List.of(StringUtils.split(headers.getFirstValue("Allow"), ", "));
+                List.of(StringUtils.split(headers.getFirstValue("Access-Control-Allow-Methods"), ", "));
         assertEquals(3, methods.size());
         assertTrue(methods.contains("GET"));
         assertTrue(methods.contains("PUT"));

src/test/java/edu/illinois/library/cantaloupe/resource/api/TasksResourceTest.java

@@ -47,7 +47,7 @@ public void testOPTIONSWhenEnabled() throws Exception {
 
         Headers headers = response.getHeaders();
         List<String> methods =
-                List.of(StringUtils.split(headers.getFirstValue("Allow"), ", "));
+                List.of(StringUtils.split(headers.getFirstValue("Access-Control-Allow-Methods"), ", "));
         assertEquals(2, methods.size());
         assertTrue(methods.contains("POST"));
         assertTrue(methods.contains("OPTIONS"));

src/test/java/edu/illinois/library/cantaloupe/resource/iiif/v1/ImageResourceTest.java

@@ -586,7 +586,7 @@ void testOPTIONSWhenEnabled() throws Exception {
 
         Headers headers = response.getHeaders();
         List<String> methods =
-                List.of(StringUtils.split(headers.getFirstValue("Allow"), ", "));
+                List.of(StringUtils.split(headers.getFirstValue("Access-Control-Allow-Methods"), ", "));
         assertEquals(2, methods.size());
         assertTrue(methods.contains("GET"));
         assertTrue(methods.contains("OPTIONS"));