gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(s3api): missing Vary: Origin header on non-CORS and OPTIONS requests (#8072)

Browse Source 
* fix: Refactor CORS middleware to consistently apply the `Vary: Origin` header when a configuration exists and streamline request processing logic.

* fix: Add Vary: Origin header to CORS OPTIONS responses and refactor request handling for clarity and correctness.

* fix: update CORS middleware tests to correctly parse and check for 'Origin' in Vary header.

* refactor: extract `hasVaryOrigin` helper function to simplify Vary header checks in tests.

* test: Remove `Vary: Origin` header from CORS test expectations.

* refactor: consolidate CORS request handling into a new `processCORS` method using a `next` callback.
This commit is contained in:
粒粒橙
2026-01-22 06:04:57 +08:00
committed by GitHub
parent cd2e93bf2b
commit 52882aed70
4 changed files with 199 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
weed/s3api/cors/cors_test.go
View File

@@ -523,7 +523,6 @@ func TestApplyHeaders(t *testing.T) {
"Access-Control-Allow-Headers": "Content-Type",
"Access-Control-Expose-Headers": "ETag",
"Access-Control-Max-Age": "3600",
"Vary": "Origin",
},
},
{
@@ -537,7 +536,6 @@ func TestApplyHeaders(t *testing.T) {
"Access-Control-Allow-Origin": "http://example.com",
"Access-Control-Allow-Methods": "GET",
"Access-Control-Allow-Credentials": "true",
"Vary": "Origin",
},
},
}