MyFavMirrors
/
minio
mirror of https://github.com/minio/minio.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: when Origin: null is set return back '*' for allow origins (#17651)

This commit is contained in:
jiuker 2023-07-16 03:15:06 +08:00 committed by GitHub
parent 341a89c00d
commit d118031ed6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
cmd/api-router.go
View File

@ -523,14 +523,9 @@ func corsHandler(handler http.Handler) http.Handler {
"x-amz*",
"*",
}
return cors.New(cors.Options{
opts := cors.Options{
AllowOriginFunc: func(origin string) bool {
allowedOrigins := globalAPIConfig.getCorsAllowOrigins()
if len(allowedOrigins) == 0 {
allowedOrigins = []string{"*"}
}
for _, allowedOrigin := range allowedOrigins {
for _, allowedOrigin := range globalAPIConfig.getCorsAllowOrigins() {
if wildcard.MatchSimple(allowedOrigin, origin) {
return true
}
@ -549,5 +544,13 @@ func corsHandler(handler http.Handler) http.Handler {
AllowedHeaders: commonS3Headers,
ExposedHeaders: commonS3Headers,
AllowCredentials: true,
}).Handler(handler)
}
for _, origin := range globalAPIConfig.getCorsAllowOrigins() {
if origin == "*" {
opts.AllowOriginFunc = nil
opts.AllowedOrigins = globalAPIConfig.getCorsAllowOrigins()
break
}
}
return cors.New(opts).Handler(handler)
}

2
cmd/server_test.go
View File

@ -219,7 +219,7 @@ func (s *TestSuiteCommon) TestBucketSQSNotificationWebHook(c *check) {
func (s *TestSuiteCommon) TestCors(c *check) {
expectedMap := http.Header{}
expectedMap.Set("Access-Control-Allow-Credentials", "true")
expectedMap.Set("Access-Control-Allow-Origin", "http://foobar.com")
expectedMap.Set("Access-Control-Allow-Origin", "*")
expectedMap["Access-Control-Expose-Headers"] = []string{
"Date",
"Etag",

12
internal/config/api/api.go
View File

@ -193,9 +193,17 @@ func LookupConfig(kvs config.KVS) (cfg Config, err error) {
RootAccess: rootAccess,
}
corsAllowOrigin := strings.Split(env.Get(EnvAPICorsAllowOrigin, kvs.Get(apiCorsAllowOrigin)), ",")
if len(corsAllowOrigin) == 0 {
var corsAllowOrigin []string
corsList := env.Get(EnvAPICorsAllowOrigin, kvs.Get(apiCorsAllowOrigin))
if corsList == "" {
corsAllowOrigin = []string{"*"} // defaults to '*'
} else {
corsAllowOrigin = strings.Split(corsList, ",")
for _, cors := range corsAllowOrigin {
if cors == "" {
return cfg, errors.New("invalid cors value")
}
}
}
cfg.CorsAllowOrigin = corsAllowOrigin