fix: honor requested allow origin settings properly (#17789)
fixes #17778
parent
1664fd8bb1
commit
4a4950fe41
2
.github/workflows/vulncheck.yml
vendored
2
.github/workflows/vulncheck.yml
vendored
@ -20,7 +20,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: 1.19.11
|
||||
go-version: 1.19.12
|
||||
check-latest: true
|
||||
- name: Get official govulncheck
|
||||
run: go install golang.org/x/vuln/cmd/govulncheck@latest
|
||||
|
@ -545,12 +545,5 @@ func corsHandler(handler http.Handler) http.Handler {
|
||||
ExposedHeaders: commonS3Headers,
|
||||
AllowCredentials: true,
|
||||
}
|
||||
for _, origin := range globalAPIConfig.getCorsAllowOrigins() {
|
||||
if origin == "*" {
|
||||
opts.AllowOriginFunc = nil
|
||||
opts.AllowedOrigins = globalAPIConfig.getCorsAllowOrigins()
|
||||
break
|
||||
}
|
||||
}
|
||||
return cors.New(opts).Handler(handler)
|
||||
}
|
||||
|
@ -443,6 +443,11 @@ func setRequestValidityMiddleware(h http.Handler) http.Handler {
|
||||
// is obtained from centralized etcd configuration service.
|
||||
func setBucketForwardingMiddleware(h http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if origin := w.Header().Get("Access-Control-Allow-Origin"); origin == "null" {
|
||||
// This is a workaround change to ensure that "Origin: null"
|
||||
// incoming request to a response back as "*" instead of "null"
|
||||
w.Header().Set("Access-Control-Allow-Origin", "*")
|
||||
}
|
||||
if globalDNSConfig == nil || !globalBucketFederation ||
|
||||
guessIsHealthCheckReq(r) || guessIsMetricsReq(r) ||
|
||||
guessIsRPCReq(r) || guessIsLoginSTSReq(r) || isAdminReq(r) {
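Review bot: The added `null` check at the top of setBucketForwardingMiddleware reads `w.Header()` before this handler has done anything, so it only takes effect if the CORS handler has already written `Access-Control-Allow-Origin` by the time this middleware runs; that ordering is not visible in the hunk and should be stated in the comment. The comment is also hard to parse and gives no reason, which matters because the CORS options elsewhere in this commit keep `AllowCredentials: true`. If the intent is to avoid echoing the origin of sandboxed or file-based documents, something like `// "Origin: null" comes from sandboxed iframes and file:/data: documents; never echo it, answer "*" so browsers will not attach credentials.` would record it. As this is CORS policy rather than bucket forwarding, it would sit more naturally next to corsHandler. The function body continues outside the hunk.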
|
||||
|
@ -219,7 +219,7 @@ func (s *TestSuiteCommon) TestBucketSQSNotificationWebHook(c *check) {
|
||||
func (s *TestSuiteCommon) TestCors(c *check) {
|
||||
expectedMap := http.Header{}
|
||||
expectedMap.Set("Access-Control-Allow-Credentials", "true")
|
||||
expectedMap.Set("Access-Control-Allow-Origin", "*")
|
||||
expectedMap.Set("Access-Control-Allow-Origin", "http://foobar.com")
|
||||
expectedMap["Access-Control-Expose-Headers"] = []string{
|
||||
"Date",
|
||||
"Etag",
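Review bot: The new expectation pairs an echoed `Access-Control-Allow-Origin: http://foobar.com` with `Access-Control-Allow-Credentials: true`, but nothing visible shows which allow-origin setting the test server runs under. If it is a wildcard setting, the test pins reflection of an arbitrary origin with credentials allowed, which deserves a comment here and a second case asserting that an origin outside a configured list gets no `Access-Control-Allow-Origin` header. Nothing visible covers the `Origin: null` to `*` rewrite added in setBucketForwardingMiddleware either. TestCors continues outside the hunk.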
|
||||
|