gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: CORS wildcard subdomain matching cache race condition (#7736)

Browse Source 
test: add HTTPS test cases for CORS wildcard subdomain matching

This adds comprehensive test coverage for HTTPS subdomain wildcard matching
in TestMatchesOrigin:
- https exact match
- https no match
- https wildcard subdomain match
- https wildcard subdomain no match (base domain)
- https wildcard subdomain no match (different domain)
- protocol mismatch tests (http pattern vs https origin and vice versa)

The matchWildcard function was already working correctly - this just adds
test coverage for the HTTPS cases that were previously untested.

Note: The cache invalidation is already handled synchronously by
setBucketMetadata() which is called via:
- UpdateBucketCORS -> UpdateBucketMetadata -> setBucketMetadata
- ClearBucketCORS -> UpdateBucketMetadata -> setBucketMetadata

Added clarifying comments to document this call chain.
This commit is contained in:
Chris Lu
2025-12-13 14:33:46 -08:00
committed by GitHub
parent f77e6ed2d4
commit f70cd05404
3 changed files with 53 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
weed/s3api/s3_bucket_encryption.go
View File

@@ -218,13 +218,14 @@ func (s3a *S3ApiServer) getEncryptionConfiguration(bucket string) (*s3_pb.Encryp
// updateEncryptionConfiguration updates the encryption configuration for a bucket
func (s3a *S3ApiServer) updateEncryptionConfiguration(bucket string, encryptionConfig *s3_pb.EncryptionConfiguration) s3err.ErrorCode {
// Update using structured API
// Note: UpdateBucketEncryption -> UpdateBucketMetadata -> setBucketMetadata
// already invalidates the cache synchronously after successful update
err := s3a.UpdateBucketEncryption(bucket, encryptionConfig)
if err != nil {
glog.Errorf("updateEncryptionConfiguration: failed to update encryption config for bucket %s: %v", bucket, err)
return s3err.ErrInternalError
}
// Cache will be updated automatically via metadata subscription
return s3err.ErrNone
}
@@ -242,13 +243,14 @@ func (s3a *S3ApiServer) removeEncryptionConfiguration(bucket string) s3err.Error
}
// Update using structured API
// Note: ClearBucketEncryption -> UpdateBucketMetadata -> setBucketMetadata
// already invalidates the cache synchronously after successful update
err = s3a.ClearBucketEncryption(bucket)
if err != nil {
glog.Errorf("removeEncryptionConfiguration: failed to remove encryption config for bucket %s: %v", bucket, err)
return s3err.ErrInternalError
}
// Cache will be updated automatically via metadata subscription
return s3err.ErrNone
}