fix: cors handling again for not just OPTIONS request (#10025)

CORS is notorious requires specific headers to be handled appropriately in request and response, using cors package as part of handlerFunc() for options method lacks the necessary control this package needs to add headers.
4 years ago · 37c14207d6
parent 3b9fbf80ad
commit 37c14207d6
3 changed files with 6 additions and 12 deletions
--- a/cmd/api-router.go
+++ b/cmd/api-router.go
@ -291,18 +291,14 @@ func registerAPIRouter(router *mux.Router, encryptionEnabled, allowSSEKMS bool)
 	apiRouter.Methods(http.MethodGet).Path(SlashSeparator + SlashSeparator).HandlerFunc(
 		maxClients(collectAPIStats("listbuckets", httpTraceAll(api.ListBucketsHandler))))

-	// Supports cors only for S3 handlers
-	apiRouter.Methods(http.MethodOptions).HandlerFunc(
-		maxClients(collectAPIStats("cors", httpTraceAll(corsHandlerFunc()))))
-
 	// If none of the routes match add default error handler routes
 	apiRouter.NotFoundHandler = http.HandlerFunc(collectAPIStats("notfound", httpTraceAll(errorResponseHandler)))
 	apiRouter.MethodNotAllowedHandler = http.HandlerFunc(collectAPIStats("methodnotallowed", httpTraceAll(errorResponseHandler)))

 }

-// setCorsHandler handler for CORS (Cross Origin Resource Sharing)
-func corsHandlerFunc() http.HandlerFunc {
+// corsHandler handler for CORS (Cross Origin Resource Sharing)
+func corsHandler(handler http.Handler) http.Handler {
 	commonS3Headers := []string{
 		xhttp.Date,
 		xhttp.ETag,
@ -318,7 +314,7 @@ func corsHandlerFunc() http.HandlerFunc {
 		"*",
 	}

-	c := cors.New(cors.Options{
+	return cors.New(cors.Options{
 		AllowOriginFunc: func(origin string) bool {
 			for _, allowedOrigin := range globalAPIConfig.getCorsAllowOrigins() {
 				if wildcard.MatchSimple(allowedOrigin, origin) {
@ -339,7 +335,5 @@ func corsHandlerFunc() http.HandlerFunc {
 		AllowedHeaders:   commonS3Headers,
 		ExposedHeaders:   commonS3Headers,
 		AllowCredentials: true,
-	})
-
-	return c.HandlerFunc
+	}).Handler(handler)
 }
--- a/cmd/gateway-main.go
+++ b/cmd/gateway-main.go
@ -267,7 +267,7 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
 	}

 	httpServer := xhttp.NewServer([]string{globalCLIContext.Addr},
-		criticalErrorHandler{router}, getCert)
+		criticalErrorHandler{corsHandler(router)}, getCert)
 	httpServer.BaseContext = func(listener net.Listener) context.Context {
 		return GlobalContext
 	}
--- a/cmd/server-main.go
+++ b/cmd/server-main.go
@ -466,7 +466,7 @@ func serverMain(ctx *cli.Context) {
 		}
 	}()

-	httpServer := xhttp.NewServer([]string{globalMinioAddr}, criticalErrorHandler{handler}, getCert)
+	httpServer := xhttp.NewServer([]string{globalMinioAddr}, criticalErrorHandler{corsHandler(handler)}, getCert)
 	httpServer.ErrorLog = log.New(pw, "", 0)
 	httpServer.BaseContext = func(listener net.Listener) context.Context {
 		return GlobalContext