Skip to content

Commit

Permalink
Turning off CORS for 4.18
Browse files Browse the repository at this point in the history
Signed-off-by: jackyalbo <[email protected]>
  • Loading branch information
jackyalbo committed Dec 3, 2024
1 parent 6639c90 commit 05ebfde
Show file tree
Hide file tree
Showing 4 changed files with 47 additions and 25 deletions.
4 changes: 2 additions & 2 deletions src/endpoint/s3/s3_rest.js
Original file line number Diff line number Diff line change
Expand Up @@ -107,9 +107,9 @@ async function handle_request(req, res) {
}

const op_name = parse_op_name(req);
const cors = req.params.bucket && await req.object_sdk.read_bucket_sdk_cors_info(req.params.bucket);
// const cors = req.params.bucket && await req.object_sdk.read_bucket_sdk_cors_info(req.params.bucket);

http_utils.set_cors_headers_s3(req, res, cors);
http_utils.set_cors_headers_s3(req, res, /* cors */ undefined);

if (req.method === 'OPTIONS') {
dbg.log1('OPTIONS!');
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -207,6 +207,10 @@ s3tests_boto3/functional/test_s3.py::test_multipart_upload_size_too_small
s3tests_boto3/functional/test_s3.py::test_abort_multipart_upload
s3tests_boto3/functional/test_s3.py::test_multipart_copy_improper_range
s3tests_boto3/functional/test_s3.py::test_100_continue
s3tests_boto3/functional/test_s3.py::test_set_cors
s3tests_boto3/functional/test_s3.py::test_cors_origin_wildcard
s3tests_boto3/functional/test_s3.py::test_cors_origin_response
s3tests_boto3/functional/test_s3.py::test_cors_header_option
s3tests_boto3/functional/test_s3.py::test_set_tagging
s3tests_boto3/functional/test_s3.py::test_multipart_resend_first_finishes_last
s3tests_boto3/functional/test_s3.py::test_versioned_object_acl
Expand Down Expand Up @@ -396,6 +400,8 @@ s3tests_boto3/functional/test_s3.py::test_sse_s3_encrypted_upload_1b
s3tests_boto3/functional/test_s3.py::test_sse_s3_encrypted_upload_1kb
s3tests_boto3/functional/test_s3.py::test_sse_s3_encrypted_upload_1mb
s3tests_boto3/functional/test_s3.py::test_sse_s3_encrypted_upload_8mb
s3tests_boto3/functional/test_s3.py::test_cors_presigned_get_object
s3tests_boto3/functional/test_s3.py::test_cors_presigned_put_object
s3tests_boto3/functional/test_s3.py::test_cors_presigned_get_object_tenant
s3tests_boto3/functional/test_s3.py::test_cors_presigned_put_object_with_acl
s3tests_boto3/functional/test_s3.py::test_cors_presigned_put_object_tenant
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -209,6 +209,10 @@ s3tests_boto3/functional/test_s3.py::test_multipart_upload_size_too_small
s3tests_boto3/functional/test_s3.py::test_abort_multipart_upload
s3tests_boto3/functional/test_s3.py::test_multipart_copy_improper_range
s3tests_boto3/functional/test_s3.py::test_100_continue
s3tests_boto3/functional/test_s3.py::test_set_cors
s3tests_boto3/functional/test_s3.py::test_cors_origin_wildcard
s3tests_boto3/functional/test_s3.py::test_cors_origin_response
s3tests_boto3/functional/test_s3.py::test_cors_header_option
s3tests_boto3/functional/test_s3.py::test_set_tagging
s3tests_boto3/functional/test_s3.py::test_multipart_resend_first_finishes_last
s3tests_boto3/functional/test_s3.py::test_versioned_object_acl
Expand Down Expand Up @@ -350,5 +354,7 @@ s3tests_boto3/functional/test_sts.py::test_assume_role_with_web_identity_wrong_r
s3tests_boto3/functional/test_sts.py::test_assume_role_with_web_identity_resource_tag_princ_tag
s3tests_boto3/functional/test_sts.py::test_assume_role_with_web_identity_resource_tag_copy_obj
s3tests_boto3/functional/test_sts.py::test_assume_role_with_web_identity_role_resource_tag
s3tests_boto3/functional/test_s3.py::test_cors_presigned_get_object
s3tests_boto3/functional/test_s3.py::test_cors_presigned_put_object
s3tests_boto3/functional/test_s3.py::test_cors_presigned_put_object_with_acl
s3tests_boto3/functional/test_s3.py::test_cors_presigned_put_object_tenant_with_acl
56 changes: 33 additions & 23 deletions src/util/http_utils.js
Original file line number Diff line number Diff line change
Expand Up @@ -655,32 +655,42 @@ function set_cors_headers(req, res, cors) {
* @param {CORSRule[]} cors_rules
*/
function set_cors_headers_s3(req, res, cors_rules) {
if (!config.S3_CORS_ENABLED || !cors_rules) return;

// based on https://docs.aws.amazon.com/AmazonS3/latest/userguide/cors.html
const match_method = req.headers['access-control-request-method'] || req.method;
const match_origin = req.headers.origin;
const match_header = req.headers['access-control-request-headers']; // not a must
const matched_rule = req.headers.origin && ( // find the first rule with origin and method match
cors_rules.find(rule => {
const allowed_origins_regex = rule.allowed_origins.map(r => RegExp(`^${r.replace(/\*/g, '.*')}$`));
const allowed_headers_regex = rule.allowed_headers?.map(r => RegExp(`^${r.replace(/\*/g, '.*')}$`));
return allowed_origins_regex.some(r => r.test(match_origin)) &&
rule.allowed_methods.includes(match_method) &&
// we can match if no request headers or if reuqest headers match the rule allowed headers
(!match_header || allowed_headers_regex?.some(r => r.test(match_header)));
}));
if (matched_rule) {
// https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonResponseHeaders.html
if (config.S3_CORS_ENABLED) {
set_cors_headers(req, res, {
allow_origin: matched_rule.allowed_origins.includes('*') ? '*' : req.headers.origin,
allow_methods: matched_rule.allowed_methods.join(','),
allow_headers: matched_rule.allowed_headers?.join(','),
expose_headers: matched_rule.expose_headers?.join(','),
allow_credentials: 'true',
max_age: matched_rule?.max_age
allow_origin: config.S3_CORS_ALLOW_ORIGIN,
allow_credentials: config.S3_CORS_ALLOW_CREDENTIAL,
allow_methods: config.S3_CORS_ALLOW_METHODS,
allow_headers: config.S3_CORS_ALLOW_HEADERS,
expose_headers: config.STS_CORS_EXPOSE_HEADERS,
});
}
// CORS CURRENTLY BREAKS OBJECT BROWSER - WILL ONLY SUPPORT DEFAULT HEADERS FOR NOW
// if (!config.S3_CORS_ENABLED || !cors_rules) return;

// // based on https://docs.aws.amazon.com/AmazonS3/latest/userguide/cors.html
// const match_method = req.headers['access-control-request-method'] || req.method;
// const match_origin = req.headers.origin;
// const match_header = req.headers['access-control-request-headers']; // not a must
// const matched_rule = req.headers.origin && ( // find the first rule with origin and method match
// cors_rules.find(rule => {
// const allowed_origins_regex = rule.allowed_origins.map(r => RegExp(`^${r.replace(/\*/g, '.*')}$`));
// const allowed_headers_regex = rule.allowed_headers?.map(r => RegExp(`^${r.replace(/\*/g, '.*')}$`));
// return allowed_origins_regex.some(r => r.test(match_origin)) &&
// rule.allowed_methods.includes(match_method) &&
// // we can match if no request headers or if reuqest headers match the rule allowed headers
// (!match_header || allowed_headers_regex?.some(r => r.test(match_header)));
// }));
// if (matched_rule) {
// // https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonResponseHeaders.html
// set_cors_headers(req, res, {
// allow_origin: matched_rule.allowed_origins.includes('*') ? '*' : req.headers.origin,
// allow_methods: matched_rule.allowed_methods.join(','),
// allow_headers: matched_rule.allowed_headers?.join(','),
// expose_headers: matched_rule.expose_headers?.join(','),
// allow_credentials: 'true',
// max_age: matched_rule?.max_age
// });
// }
}

/**
Expand Down

0 comments on commit 05ebfde

Please sign in to comment.