fix: honor requested allow origin settings properly (#17789)

fixes #17778
This commit is contained in:
Harshavardhana 2023-08-02 20:41:21 -07:00 committed by GitHub
parent 1664fd8bb1
commit 4a4950fe41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 7 additions and 9 deletions

View File

@ -20,7 +20,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.19.11
go-version: 1.19.12
check-latest: true
- name: Get official govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest

View File

@ -545,12 +545,5 @@ func corsHandler(handler http.Handler) http.Handler {
ExposedHeaders: commonS3Headers,
AllowCredentials: true,
}
for _, origin := range globalAPIConfig.getCorsAllowOrigins() {
if origin == "*" {
opts.AllowOriginFunc = nil
opts.AllowedOrigins = globalAPIConfig.getCorsAllowOrigins()
break
}
}
return cors.New(opts).Handler(handler)
}

View File

@ -443,6 +443,11 @@ func setRequestValidityMiddleware(h http.Handler) http.Handler {
// is obtained from centralized etcd configuration service.
func setBucketForwardingMiddleware(h http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if origin := w.Header().Get("Access-Control-Allow-Origin"); origin == "null" {
// This is a workaround change to ensure that "Origin: null"
// incoming request to a response back as "*" instead of "null"
w.Header().Set("Access-Control-Allow-Origin", "*")
}
if globalDNSConfig == nil || !globalBucketFederation ||
guessIsHealthCheckReq(r) || guessIsMetricsReq(r) ||
guessIsRPCReq(r) || guessIsLoginSTSReq(r) || isAdminReq(r) {

View File

@ -219,7 +219,7 @@ func (s *TestSuiteCommon) TestBucketSQSNotificationWebHook(c *check) {
func (s *TestSuiteCommon) TestCors(c *check) {
expectedMap := http.Header{}
expectedMap.Set("Access-Control-Allow-Credentials", "true")
expectedMap.Set("Access-Control-Allow-Origin", "*")
expectedMap.Set("Access-Control-Allow-Origin", "http://foobar.com")
expectedMap["Access-Control-Expose-Headers"] = []string{
"Date",
"Etag",