From f0067babe00f34df1b4f459d7e303789e3a57a91 Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Wed, 27 Jul 2016 19:53:55 -0700 Subject: [PATCH] handlers: Add 'crossdomain.xml' handler. (#2305) Fixes #2301 --- crossdomain-xml-handler.go | 49 ++++++++++++++++++++++++++++++++++++++ routers.go | 5 ++-- 2 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 crossdomain-xml-handler.go diff --git a/crossdomain-xml-handler.go b/crossdomain-xml-handler.go new file mode 100644 index 000000000..1bc491671 --- /dev/null +++ b/crossdomain-xml-handler.go @@ -0,0 +1,49 @@ +/* + * Minio Cloud Storage, (C) 2016 Minio, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package main + +import "net/http" + +// Standard cross domain policy information located at https://s3.amazonaws.com/crossdomain.xml +var crossDomainXML = `` + +// Cross domain policy implements http.Handler interface, implementing a custom ServerHTTP. +type crossDomainPolicy struct { + handler http.Handler +} + +// A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player +// or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains. +// When clients request content hosted on a particular source domain and that content make requests +// directed towards a domain other than its own, the remote domain needs to host a cross-domain +// policy file that grants access to the source domain, allowing the client to continue the transaction. +func setCrossDomainPolicy(h http.Handler) http.Handler { + return crossDomainPolicy{handler: h} +} + +func (c crossDomainPolicy) ServeHTTP(w http.ResponseWriter, r *http.Request) { + // Look for 'crossdomain.xml' in the incoming request. + switch r.URL.Path { + case "/crossdomain.xml": + // Write the standard cross domain policy xml. + w.Write([]byte(crossDomainXML)) + // Request completed, no need to serve to other handlers. + return + } + // Continue to serve the request further. + c.handler.ServeHTTP(w, r) +} diff --git a/routers.go b/routers.go index 3d59a1c1e..b15cfccf3 100644 --- a/routers.go +++ b/routers.go @@ -71,8 +71,9 @@ func configureServerHandler(srvCmdConfig serverCmdConfig) http.Handler { var handlerFns = []HandlerFunc{ // Limits the number of concurrent http requests. setRateLimitHandler, - // Redirect some pre-defined browser request paths to a static - // location prefix. + // Adds 'crossdomain.xml' policy handler to serve legacy flash clients. + setCrossDomainPolicy, + // Redirect some pre-defined browser request paths to a static location prefix. setBrowserRedirectHandler, // Validates if incoming request is for restricted buckets. setPrivateBucketHandler,