2024-03-18 02:42:40 -04:00
|
|
|
// Copyright (c) 2015-2024 MinIO, Inc.
|
2021-04-18 15:41:13 -04:00
|
|
|
//
|
|
|
|
// This file is part of MinIO Object Storage stack
|
|
|
|
//
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// This program is distributed in the hope that it will be useful
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2016-07-27 22:53:55 -04:00
|
|
|
|
2016-08-18 19:23:42 -04:00
|
|
|
package cmd
|
2016-07-27 22:53:55 -04:00
|
|
|
|
|
|
|
import "net/http"
|
|
|
|
|
|
|
|
// Standard cross domain policy information located at https://s3.amazonaws.com/crossdomain.xml
|
2016-11-21 16:51:05 -05:00
|
|
|
const crossDomainXML = `<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" secure="false" /></cross-domain-policy>`
|
2016-07-27 22:53:55 -04:00
|
|
|
|
2017-01-16 20:05:00 -05:00
|
|
|
// Standard path where an app would find cross domain policy information.
|
|
|
|
const crossDomainXMLEntity = "/crossdomain.xml"
|
|
|
|
|
2016-07-27 22:53:55 -04:00
|
|
|
// A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player
|
|
|
|
// or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
|
|
|
|
// When clients request content hosted on a particular source domain and that content make requests
|
|
|
|
// directed towards a domain other than its own, the remote domain needs to host a cross-domain
|
|
|
|
// policy file that grants access to the source domain, allowing the client to continue the transaction.
|
2023-07-08 10:31:42 -04:00
|
|
|
func setCrossDomainPolicyMiddleware(h http.Handler) http.Handler {
|
2021-11-01 11:04:03 -04:00
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
2024-03-18 02:42:40 -04:00
|
|
|
cxml := crossDomainXML
|
|
|
|
if globalServerCtxt.CrossDomainXML != "" {
|
|
|
|
cxml = globalServerCtxt.CrossDomainXML
|
|
|
|
}
|
2021-11-01 11:04:03 -04:00
|
|
|
// Look for 'crossdomain.xml' in the incoming request.
|
2023-03-06 11:56:10 -05:00
|
|
|
if r.URL.Path == crossDomainXMLEntity {
|
2021-11-01 11:04:03 -04:00
|
|
|
// Write the standard cross domain policy xml.
|
2024-03-18 02:42:40 -04:00
|
|
|
w.Write([]byte(cxml))
|
2021-11-01 11:04:03 -04:00
|
|
|
// Request completed, no need to serve to other handlers.
|
|
|
|
return
|
|
|
|
}
|
|
|
|
h.ServeHTTP(w, r)
|
|
|
|
})
|
2016-07-27 22:53:55 -04:00
|
|
|
}
|