Merge branch 'main' of https://github.com/andywarburton/circuitpython

2022-08-02 21:10:46 +01:00 · 2022-08-02 21:10:46 +01:00 · 019fbb1cb9
commit 019fbb1cb9
parent b67f3585e8 b38109c488
3 changed files with 5 additions and 3 deletions
--- a/docs/workflows.md
+++ b/docs/workflows.md
@ -82,6 +82,7 @@ CIRCUITPY_WIFI_SSID='scottswifi'
 CIRCUITPY_WIFI_PASSWORD='secretpassword'

 # To enable modifying files from the web. Change this too!
+# Leave the User field blank in the browser.
 CIRCUITPY_WEB_API_PASSWORD='passw0rd'

 CIRCUITPY_WEB_API_PORT=80
@ -121,7 +122,7 @@ The web server will allow requests from `cpy-XXXXXX.local`, `127.0.0.1`, the dev
 ### File REST API
 All file system related APIs are protected by HTTP basic authentication. It is *NOT* secure but will
 hopefully prevent some griefing in shared settings. The password is sent unencrypted so do not reuse
-a password with something important.
+a password with something important. The user field is left blank.

 The password is taken from `/.env` with the key `CIRCUITPY_WEB_API_PASSWORD`. If this is unset, the
 server will respond with `403 Forbidden`. When a password is set, but not provided in a request, it
--- a/supervisor/shared/web_workflow/static/directory.js
+++ b/supervisor/shared/web_workflow/static/directory.js
@ -63,6 +63,7 @@ async function refresh_list() {
        var icon = "⬇";
        var file_path = current_path + f.name;
        let api_url = new URL("/fs" + file_path, url_base);
+        let edit_url = "/edit/#" + file_path;
        if (f.directory) {
            file_path = "#" + file_path + "/";
            api_url += "/";
@ -91,7 +92,7 @@ async function refresh_list() {
        delete_button.disabled = !editable;
        delete_button.onclick = del;

-        let edit_url = new URL("/edit/#" + f.name, url_base);
+        edit_url = new URL(edit_url, url_base);
        let edit_link = clone.querySelector(".edit_link");
        edit_link.href = edit_url

--- a/supervisor/shared/web_workflow/web_workflow.c
+++ b/supervisor/shared/web_workflow/web_workflow.c
@ -492,7 +492,7 @@ static void _reply_access_control(socketpool_socket_obj_t *socket, _request *req
        "HTTP/1.1 204 No Content\r\n",
        "Content-Length: 0\r\n",
        "Access-Control-Expose-Headers: Access-Control-Allow-Methods\r\n",
-        "Access-Control-Allow-Headers: X-Timestamp, Content-Type\r\n",
+        "Access-Control-Allow-Headers: X-Timestamp, Content-Type, Authorization\r\n",
        "Access-Control-Allow-Methods:GET, OPTIONS", NULL);
    if (!_usb_active()) {
        _send_str(socket, ", PUT, DELETE");