From 3061eb367001fd13f75980fac1084639ab7c0abb Mon Sep 17 00:00:00 2001
From: Aashish Sharma
 <aasharma@li-e74156cc-2f67-11b2-a85c-e98659a63c5c.ibm.com>
Date: Thu, 14 Mar 2024 14:25:08 +0530
Subject: [PATCH] Allow DELETE method api request, X-TOTAL-COUNT header in CORS
 config in dashboard

Fixes: https://tracker.ceph.com/issues/64913

Signed-off-by: Aashish Sharma <aasharma@redhat.com>
---
 src/pybind/mgr/dashboard/tools.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/pybind/mgr/dashboard/tools.py b/src/pybind/mgr/dashboard/tools.py
index 5619b5bb90d57..51ed9c471aac6 100644
--- a/src/pybind/mgr/dashboard/tools.py
+++ b/src/pybind/mgr/dashboard/tools.py
@@ -873,7 +873,7 @@ def cors_tool():
     cross_origin_url_list = [url.strip() for url in cross_origin_urls.split(',')]
     if req_header_cross_origin_url in cross_origin_url_list:
         resp_head['Access-Control-Allow-Origin'] = req_header_cross_origin_url
-    resp_head['Access-Control-Expose-Headers'] = 'GET, POST'
+    resp_head['Access-Control-Expose-Headers'] = 'GET, POST, X-Total-Count'
     resp_head['Access-Control-Allow-Credentials'] = 'true'
 
     # Non-simple CORS preflight request; short-circuit the normal handler.
@@ -883,7 +883,7 @@ def cors_tool():
             resp_head['Access-Control-Allow-Origin'] = req_header_origin_url
         ac_method = req_head.get('Access-Control-Request-Method', None)
 
-        allowed_methods = ['GET', 'POST', 'PUT']
+        allowed_methods = ['GET', 'POST', 'PUT', 'DELETE']
         allowed_headers = [
             'Content-Type',
             'Authorization',
-- 
2.47.3