From 6159ea9cf5597db9a9c0c56641069e3a91d5ea9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rom=C4=81ns=20Pota=C5=A1ovs?= <justgook@gmail.com>
Date: Sun, 8 Feb 2026 23:34:10 +0200
Subject: [PATCH] webdav: add missing headers for CORS

fix #7492
---
 lib/http/middleware.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/http/middleware.go b/lib/http/middleware.go
index ebfe301a1..5c3c9646a 100644
--- a/lib/http/middleware.go
+++ b/lib/http/middleware.go
@@ -189,7 +189,7 @@ func MiddlewareCORS(allowOrigin string) Middleware {
 
 			if allowOrigin != "" {
 				w.Header().Add("Access-Control-Allow-Origin", allowOrigin)
-				w.Header().Add("Access-Control-Allow-Headers", "authorization, Content-Type")
+				w.Header().Add("Access-Control-Allow-Headers", "Authorization, Content-Type, Depth, Destination, If, Lock-Token, Overwrite, TimeOut, Translate")
 				w.Header().Add("Access-Control-Allow-Methods", "COPY, DELETE, GET, HEAD, LOCK, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, TRACE, UNLOCK")
 				w.Header().Add("Access-Control-Max-Age", "86400")
 			}