fix: cors handling again for not just OPTIONS request (#10025)

CORS is notorious requires specific headers to be
handled appropriately in request and response,
using cors package as part of handlerFunc() for
options method lacks the necessary control this
package needs to add headers.
This commit is contained in:
Harshavardhana 2020-07-12 10:56:57 -07:00 committed by GitHub
parent 3b9fbf80ad
commit 37c14207d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 12 deletions

View File

@ -291,18 +291,14 @@ func registerAPIRouter(router *mux.Router, encryptionEnabled, allowSSEKMS bool)
apiRouter.Methods(http.MethodGet).Path(SlashSeparator + SlashSeparator).HandlerFunc( apiRouter.Methods(http.MethodGet).Path(SlashSeparator + SlashSeparator).HandlerFunc(
maxClients(collectAPIStats("listbuckets", httpTraceAll(api.ListBucketsHandler)))) maxClients(collectAPIStats("listbuckets", httpTraceAll(api.ListBucketsHandler))))
// Supports cors only for S3 handlers
apiRouter.Methods(http.MethodOptions).HandlerFunc(
maxClients(collectAPIStats("cors", httpTraceAll(corsHandlerFunc()))))
// If none of the routes match add default error handler routes // If none of the routes match add default error handler routes
apiRouter.NotFoundHandler = http.HandlerFunc(collectAPIStats("notfound", httpTraceAll(errorResponseHandler))) apiRouter.NotFoundHandler = http.HandlerFunc(collectAPIStats("notfound", httpTraceAll(errorResponseHandler)))
apiRouter.MethodNotAllowedHandler = http.HandlerFunc(collectAPIStats("methodnotallowed", httpTraceAll(errorResponseHandler))) apiRouter.MethodNotAllowedHandler = http.HandlerFunc(collectAPIStats("methodnotallowed", httpTraceAll(errorResponseHandler)))
} }
// setCorsHandler handler for CORS (Cross Origin Resource Sharing) // corsHandler handler for CORS (Cross Origin Resource Sharing)
func corsHandlerFunc() http.HandlerFunc { func corsHandler(handler http.Handler) http.Handler {
commonS3Headers := []string{ commonS3Headers := []string{
xhttp.Date, xhttp.Date,
xhttp.ETag, xhttp.ETag,
@ -318,7 +314,7 @@ func corsHandlerFunc() http.HandlerFunc {
"*", "*",
} }
c := cors.New(cors.Options{ return cors.New(cors.Options{
AllowOriginFunc: func(origin string) bool { AllowOriginFunc: func(origin string) bool {
for _, allowedOrigin := range globalAPIConfig.getCorsAllowOrigins() { for _, allowedOrigin := range globalAPIConfig.getCorsAllowOrigins() {
if wildcard.MatchSimple(allowedOrigin, origin) { if wildcard.MatchSimple(allowedOrigin, origin) {
@ -339,7 +335,5 @@ func corsHandlerFunc() http.HandlerFunc {
AllowedHeaders: commonS3Headers, AllowedHeaders: commonS3Headers,
ExposedHeaders: commonS3Headers, ExposedHeaders: commonS3Headers,
AllowCredentials: true, AllowCredentials: true,
}) }).Handler(handler)
return c.HandlerFunc
} }

View File

@ -267,7 +267,7 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
} }
httpServer := xhttp.NewServer([]string{globalCLIContext.Addr}, httpServer := xhttp.NewServer([]string{globalCLIContext.Addr},
criticalErrorHandler{router}, getCert) criticalErrorHandler{corsHandler(router)}, getCert)
httpServer.BaseContext = func(listener net.Listener) context.Context { httpServer.BaseContext = func(listener net.Listener) context.Context {
return GlobalContext return GlobalContext
} }

View File

@ -466,7 +466,7 @@ func serverMain(ctx *cli.Context) {
} }
}() }()
httpServer := xhttp.NewServer([]string{globalMinioAddr}, criticalErrorHandler{handler}, getCert) httpServer := xhttp.NewServer([]string{globalMinioAddr}, criticalErrorHandler{corsHandler(handler)}, getCert)
httpServer.ErrorLog = log.New(pw, "", 0) httpServer.ErrorLog = log.New(pw, "", 0)
httpServer.BaseContext = func(listener net.Listener) context.Context { httpServer.BaseContext = func(listener net.Listener) context.Context {
return GlobalContext return GlobalContext