mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
fix: when Origin: null is set return back '*' for allow origins (#17651)
This commit is contained in:
parent
341a89c00d
commit
d118031ed6
@ -523,14 +523,9 @@ func corsHandler(handler http.Handler) http.Handler {
|
||||
"x-amz*",
|
||||
"*",
|
||||
}
|
||||
|
||||
return cors.New(cors.Options{
|
||||
opts := cors.Options{
|
||||
AllowOriginFunc: func(origin string) bool {
|
||||
allowedOrigins := globalAPIConfig.getCorsAllowOrigins()
|
||||
if len(allowedOrigins) == 0 {
|
||||
allowedOrigins = []string{"*"}
|
||||
}
|
||||
for _, allowedOrigin := range allowedOrigins {
|
||||
for _, allowedOrigin := range globalAPIConfig.getCorsAllowOrigins() {
|
||||
if wildcard.MatchSimple(allowedOrigin, origin) {
|
||||
return true
|
||||
}
|
||||
@ -549,5 +544,13 @@ func corsHandler(handler http.Handler) http.Handler {
|
||||
AllowedHeaders: commonS3Headers,
|
||||
ExposedHeaders: commonS3Headers,
|
||||
AllowCredentials: true,
|
||||
}).Handler(handler)
|
||||
}
|
||||
for _, origin := range globalAPIConfig.getCorsAllowOrigins() {
|
||||
if origin == "*" {
|
||||
opts.AllowOriginFunc = nil
|
||||
opts.AllowedOrigins = globalAPIConfig.getCorsAllowOrigins()
|
||||
break
|
||||
}
|
||||
}
|
||||
return cors.New(opts).Handler(handler)
|
||||
}
|
||||
|
@ -219,7 +219,7 @@ func (s *TestSuiteCommon) TestBucketSQSNotificationWebHook(c *check) {
|
||||
func (s *TestSuiteCommon) TestCors(c *check) {
|
||||
expectedMap := http.Header{}
|
||||
expectedMap.Set("Access-Control-Allow-Credentials", "true")
|
||||
expectedMap.Set("Access-Control-Allow-Origin", "http://foobar.com")
|
||||
expectedMap.Set("Access-Control-Allow-Origin", "*")
|
||||
expectedMap["Access-Control-Expose-Headers"] = []string{
|
||||
"Date",
|
||||
"Etag",
|
||||
|
@ -193,9 +193,17 @@ func LookupConfig(kvs config.KVS) (cfg Config, err error) {
|
||||
RootAccess: rootAccess,
|
||||
}
|
||||
|
||||
corsAllowOrigin := strings.Split(env.Get(EnvAPICorsAllowOrigin, kvs.Get(apiCorsAllowOrigin)), ",")
|
||||
if len(corsAllowOrigin) == 0 {
|
||||
var corsAllowOrigin []string
|
||||
corsList := env.Get(EnvAPICorsAllowOrigin, kvs.Get(apiCorsAllowOrigin))
|
||||
if corsList == "" {
|
||||
corsAllowOrigin = []string{"*"} // defaults to '*'
|
||||
} else {
|
||||
corsAllowOrigin = strings.Split(corsList, ",")
|
||||
for _, cors := range corsAllowOrigin {
|
||||
if cors == "" {
|
||||
return cfg, errors.New("invalid cors value")
|
||||
}
|
||||
}
|
||||
}
|
||||
cfg.CorsAllowOrigin = corsAllowOrigin
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user