Add the serverUri as trusted origin for multiuser

Author: kjetilk

lib/handlers/allow.js

@@ -43,6 +43,10 @@ function allow (mode, checkPermissionsForDirectory) {
       resourcePath += '/'
     }
 
+    let trustedOrigins = [ldp.resourceMapper.resolveUrl(req.hostname)].concat(ldp.trustedOrigins)
+    if (ldp.multiuser) {
+      trustedOrigins.push(ldp.serverUri)
+    }
     // Obtain and store the ACL of the requested resource
     req.acl = new ACL(rootUrl + resourcePath, {
       agentOrigin: req.get('origin'),
@@ -56,7 +60,7 @@ function allow (mode, checkPermissionsForDirectory) {
       },
       suffix: ldp.suffixAcl,
       strictOrigin: ldp.strictOrigin,
-      trustedOrigins: [ldp.resourceMapper.resolveUrl(req.hostname)].concat(ldp.trustedOrigins)
+      trustedOrigins: trustedOrigins
     })
 
     // Ensure the user has the required permission