From 37c14207d6fa7d67730118b1d109c6434f4b555d Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Sun, 12 Jul 2020 10:56:57 -0700 Subject: [PATCH] fix: cors handling again for not just OPTIONS request (#10025) CORS is notorious requires specific headers to be handled appropriately in request and response, using cors package as part of handlerFunc() for options method lacks the necessary control this package needs to add headers. --- cmd/api-router.go | 14 ++++---------- cmd/gateway-main.go | 2 +- cmd/server-main.go | 2 +- 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/cmd/api-router.go b/cmd/api-router.go index 9f2369414..1074e3a96 100644 --- a/cmd/api-router.go +++ b/cmd/api-router.go @@ -291,18 +291,14 @@ func registerAPIRouter(router *mux.Router, encryptionEnabled, allowSSEKMS bool) apiRouter.Methods(http.MethodGet).Path(SlashSeparator + SlashSeparator).HandlerFunc( maxClients(collectAPIStats("listbuckets", httpTraceAll(api.ListBucketsHandler)))) - // Supports cors only for S3 handlers - apiRouter.Methods(http.MethodOptions).HandlerFunc( - maxClients(collectAPIStats("cors", httpTraceAll(corsHandlerFunc())))) - // If none of the routes match add default error handler routes apiRouter.NotFoundHandler = http.HandlerFunc(collectAPIStats("notfound", httpTraceAll(errorResponseHandler))) apiRouter.MethodNotAllowedHandler = http.HandlerFunc(collectAPIStats("methodnotallowed", httpTraceAll(errorResponseHandler))) } -// setCorsHandler handler for CORS (Cross Origin Resource Sharing) -func corsHandlerFunc() http.HandlerFunc { +// corsHandler handler for CORS (Cross Origin Resource Sharing) +func corsHandler(handler http.Handler) http.Handler { commonS3Headers := []string{ xhttp.Date, xhttp.ETag, @@ -318,7 +314,7 @@ func corsHandlerFunc() http.HandlerFunc { "*", } - c := cors.New(cors.Options{ + return cors.New(cors.Options{ AllowOriginFunc: func(origin string) bool { for _, allowedOrigin := range globalAPIConfig.getCorsAllowOrigins() { if wildcard.MatchSimple(allowedOrigin, origin) { @@ -339,7 +335,5 @@ func corsHandlerFunc() http.HandlerFunc { AllowedHeaders: commonS3Headers, ExposedHeaders: commonS3Headers, AllowCredentials: true, - }) - - return c.HandlerFunc + }).Handler(handler) } diff --git a/cmd/gateway-main.go b/cmd/gateway-main.go index c45839205..8920693df 100644 --- a/cmd/gateway-main.go +++ b/cmd/gateway-main.go @@ -267,7 +267,7 @@ func StartGateway(ctx *cli.Context, gw Gateway) { } httpServer := xhttp.NewServer([]string{globalCLIContext.Addr}, - criticalErrorHandler{router}, getCert) + criticalErrorHandler{corsHandler(router)}, getCert) httpServer.BaseContext = func(listener net.Listener) context.Context { return GlobalContext } diff --git a/cmd/server-main.go b/cmd/server-main.go index 3db11ce2c..438c8f1e0 100644 --- a/cmd/server-main.go +++ b/cmd/server-main.go @@ -466,7 +466,7 @@ func serverMain(ctx *cli.Context) { } }() - httpServer := xhttp.NewServer([]string{globalMinioAddr}, criticalErrorHandler{handler}, getCert) + httpServer := xhttp.NewServer([]string{globalMinioAddr}, criticalErrorHandler{corsHandler(handler)}, getCert) httpServer.ErrorLog = log.New(pw, "", 0) httpServer.BaseContext = func(listener net.Listener) context.Context { return GlobalContext