Add necessary safe headers under CORS (#5750)

Fixes #5748
7 years ago · b052bfa79e
parent 8eb838bf91
commit b052bfa79e
1 changed files with 12 additions and 3 deletions
--- a/cmd/generic-handlers.go
+++ b/cmd/generic-handlers.go
@ -375,9 +375,18 @@ var defaultAllowableHTTPMethods = []string{

 // setCorsHandler handler for CORS (Cross Origin Resource Sharing)
 func setCorsHandler(h http.Handler) http.Handler {
-	commonS3Headers := []string{"Content-Length", "Content-Type", "Connection",
-		"Date", "ETag", "Server", "x-amz-delete-marker", "x-amz-id-2",
-		"x-amz-request-id", "x-amz-version-id"}
+	commonS3Headers := []string{
+		"Date",
+		"ETag",
+		"Server",
+		"Connection",
+		"Accept-Ranges",
+		"Content-Range",
+		"Content-Encoding",
+		"Content-Length",
+		"Content-Type",
+		"x-amz-request-id",
+	}
 	c := cors.New(cors.Options{
 		AllowedOrigins:   []string{"*"},
 		AllowedMethods:   defaultAllowableHTTPMethods,