From ae707e6fc93942f78a606e2b7b12b0f88337c8d5 Mon Sep 17 00:00:00 2001
From: Albie Spriddell <albion@dragonfruit.network>
Date: Wed, 1 Jan 2025 16:37:26 +0000
Subject: [PATCH] cors updates (again)

---
 .../Controllers/AssetDownloadController.cs                   | 2 +-
 DragonFruit.OnionFruit.Web/Program.cs                        | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/DragonFruit.OnionFruit.Web/Controllers/AssetDownloadController.cs b/DragonFruit.OnionFruit.Web/Controllers/AssetDownloadController.cs
index 4c189df..cc8921f 100644
--- a/DragonFruit.OnionFruit.Web/Controllers/AssetDownloadController.cs
+++ b/DragonFruit.OnionFruit.Web/Controllers/AssetDownloadController.cs
@@ -16,7 +16,7 @@ namespace DragonFruit.OnionFruit.Web.Controllers;
 [EnableCors("Assets")]
 public class AssetDownloadController(IRemoteAssetStore assetStore) : ControllerBase
 {
-    [HttpGet, HttpHead]
+    [HttpGet]
     [ResponseCache(NoStore = true)]
     [Route("~/assets/{*assetPath}")]
     public async Task<IActionResult> ResolveAssetPath(string assetPath)
diff --git a/DragonFruit.OnionFruit.Web/Program.cs b/DragonFruit.OnionFruit.Web/Program.cs
index b3480f4..1810ea8 100644
--- a/DragonFruit.OnionFruit.Web/Program.cs
+++ b/DragonFruit.OnionFruit.Web/Program.cs
@@ -46,8 +46,9 @@ public static async Task Main(string[] args)
 
             cors.AddPolicy("Assets", policy =>
             {
-                policy.WithMethods("GET", "HEAD");
-                policy.WithExposedHeaders("X-Asset-Location");
+                policy.WithMethods("GET");
+                policy.WithHeaders("If-Modified-Since");
+                policy.WithExposedHeaders("ETag", "X-Asset-Location");
 
                 policy.SetIsOriginAllowed(IsValidOrigin);
                 policy.SetPreflightMaxAge(TimeSpan.FromHours(12));