gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: S3 CORS headers missing for non-existent buckets (#8078)

Browse Source 
Fix S3 CORS for non-existent buckets

Enable fallback to global CORS configuration when a bucket is not found (s3err.ErrNoSuchBucket). This ensures consistent CORS behavior and prevents information disclosure.
This commit is contained in:
Chris Lu
2026-01-21 12:50:51 -08:00
committed by GitHub
parent 3f879b8d2b
commit 7d788ae73c
2 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
weed/s3api/cors/middleware_test.go
View File

@@ -358,10 +358,10 @@ func TestMiddlewareFallbackWithError(t *testing.T) {
description: "Internal errors should not expose CORS headers",
},
{
name: "ErrNoSuchBucket should not trigger fallback",
name: "ErrNoSuchBucket should trigger fallback",
errCode: s3err.ErrNoSuchBucket,
expectedOriginHeader: "",
description: "Bucket not found errors should not expose CORS headers",
expectedOriginHeader: "https://example.com",
description: "Bucket not found errors should expose CORS headers to prevent information disclosure",
},
{
name: "ErrNoSuchCORSConfiguration should trigger fallback",