fix: when Origin: null is set return back '*' for allow origins (#17651)

jiuker 2023-07-16 03:15:06 +08:00 committed by GitHub
parent 341a89c00d
commit d118031ed6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 11 deletions


@ -523,14 +523,9 @@ func corsHandler(handler http.Handler) http.Handler {
"x-amz*", "x-amz*",
"*", "*",
} }
opts := cors.Options{
return cors.New(cors.Options{
AllowOriginFunc: func(origin string) bool { AllowOriginFunc: func(origin string) bool {
allowedOrigins := globalAPIConfig.getCorsAllowOrigins() for _, allowedOrigin := range globalAPIConfig.getCorsAllowOrigins() {
if len(allowedOrigins) == 0 {
allowedOrigins = []string{"*"}
}
for _, allowedOrigin := range allowedOrigins {
if wildcard.MatchSimple(allowedOrigin, origin) { if wildcard.MatchSimple(allowedOrigin, origin) {
return true return true
} }
@ -549,5 +544,13 @@ func corsHandler(handler http.Handler) http.Handler {
AllowedHeaders: commonS3Headers, AllowedHeaders: commonS3Headers,
ExposedHeaders: commonS3Headers, ExposedHeaders: commonS3Headers,
AllowCredentials: true, AllowCredentials: true,
}).Handler(handler) }
for _, origin := range globalAPIConfig.getCorsAllowOrigins() {
if origin == "*" {
opts.AllowOriginFunc = nil
opts.AllowedOrigins = globalAPIConfig.getCorsAllowOrigins()
break
}
}
return cors.New(opts).Handler(handler)
} }
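Review bot: The wildcard decision in the new `for _, origin := range globalAPIConfig.getCorsAllowOrigins()` loop is taken once, when corsHandler builds the middleware, whereas the AllowOriginFunc it overrides reads the list on every request. If the allow-origins setting can change while the server runs (not visible here), a handler built while `*` was configured keeps answering `Access-Control-Allow-Origin: *` after an operator narrows the list, until the handler is rebuilt. The loop also calls getCorsAllowOrigins() a second time for the assignment, so the slice that was tested and the slice that is stored can differ; read it once with `origins := globalAPIConfig.getCorsAllowOrigins()` and use `origins` in both places. At minimum, add a comment above the loop such as `// evaluated once at handler construction; narrowing the allowed origins later does not take effect here`. corsHandler starts before the first hunk of this file.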


@ -219,7 +219,7 @@ func (s *TestSuiteCommon) TestBucketSQSNotificationWebHook(c *check) {
func (s *TestSuiteCommon) TestCors(c *check) { func (s *TestSuiteCommon) TestCors(c *check) {
expectedMap := http.Header{} expectedMap := http.Header{}
expectedMap.Set("Access-Control-Allow-Credentials", "true") expectedMap.Set("Access-Control-Allow-Credentials", "true")
expectedMap.Set("Access-Control-Allow-Origin", "http://foobar.com") expectedMap.Set("Access-Control-Allow-Origin", "*")
expectedMap["Access-Control-Expose-Headers"] = []string{ expectedMap["Access-Control-Expose-Headers"] = []string{
"Date", "Date",
"Etag", "Etag",
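Review bot: The expectation now pins `Access-Control-Allow-Origin: *` next to `Access-Control-Allow-Credentials: true`, a pair that browsers refuse for credentialed requests, so the credentials header has no effect in the default configuration. A comment on the changed line would record that this is intended, e.g. `// default allow-list is "*"; browsers ignore Allow-Credentials with a wildcard origin`. The visible part of TestCors exercises only the default wildcard list. A case with a restricted allow-list and one sending `Origin: null`, the case named in the commit title, would keep the per-origin path under test, unless the rest of the function, which lies outside this hunk, already covers them.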


@ -193,9 +193,17 @@ func LookupConfig(kvs config.KVS) (cfg Config, err error) {
RootAccess: rootAccess, RootAccess: rootAccess,
} }
corsAllowOrigin := strings.Split(env.Get(EnvAPICorsAllowOrigin, kvs.Get(apiCorsAllowOrigin)), ",") var corsAllowOrigin []string
if len(corsAllowOrigin) == 0 { corsList := env.Get(EnvAPICorsAllowOrigin, kvs.Get(apiCorsAllowOrigin))
if corsList == "" {
corsAllowOrigin = []string{"*"} // defaults to '*' corsAllowOrigin = []string{"*"} // defaults to '*'
} else {
corsAllowOrigin = strings.Split(corsList, ",")
for _, cors := range corsAllowOrigin {
if cors == "" {
return cfg, errors.New("invalid cors value")
}
}
} }
cfg.CorsAllowOrigin = corsAllowOrigin cfg.CorsAllowOrigin = corsAllowOrigin
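Review bot: The new validation loop rejects only an empty entry, so a list written with spaces after the commas (constructed example: `https://a.example, https://b.example`) is accepted with a leading space on the second entry, which presumably never matches a request's Origin and fails silently. Trim each entry before the empty check, `for i, o := range corsAllowOrigin { corsAllowOrigin[i] = strings.TrimSpace(o) }`, and test the trimmed value. A list that mixes `*` with specific origins also passes this check and, given the handler change in this commit, is treated as allow-all; rejecting that mix here, or documenting it next to `// defaults to '*'`, would make the outcome explicit. LookupConfig begins and ends outside this hunk.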