gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(s3api): missing Vary: Origin header on non-CORS and OPTIONS requests (#8072)

Browse Source 
* fix: Refactor CORS middleware to consistently apply the `Vary: Origin` header when a configuration exists and streamline request processing logic.

* fix: Add Vary: Origin header to CORS OPTIONS responses and refactor request handling for clarity and correctness.

* fix: update CORS middleware tests to correctly parse and check for 'Origin' in Vary header.

* refactor: extract `hasVaryOrigin` helper function to simplify Vary header checks in tests.

* test: Remove `Vary: Origin` header from CORS test expectations.

* refactor: consolidate CORS request handling into a new `processCORS` method using a `next` callback.
This commit is contained in:
粒粒橙
2026-01-22 06:04:57 +08:00
committed by GitHub
parent cd2e93bf2b
commit 52882aed70
4 changed files with 199 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
weed/s3api/cors/cors.go
View File

@@ -361,10 +361,6 @@ func ApplyHeaders(w http.ResponseWriter, corsResp *CORSResponse) {
if corsResp.AllowOrigin != "" {
w.Header().Set("Access-Control-Allow-Origin", corsResp.AllowOrigin)
if corsResp.AllowOrigin != "*" {
w.Header().Add("Vary", "Origin")
}
}
if corsResp.AllowMethods != "" {