Compare commits
1 Commits
developmen
...
ft/cors
Author | SHA1 | Date |
---|---|---|
Nicolas Humbert | 4f80e2978f |
|
@ -36,12 +36,12 @@ function checkUnsupportedRoutes(reqMethod) {
|
|||
function checkBucketAndKey(bucketName, objectKey, method, reqQuery,
|
||||
blacklistedPrefixes, log) {
|
||||
// if empty name and request not a List Buckets
|
||||
if (!bucketName && !(method === 'GET' && !objectKey)) {
|
||||
log.debug('empty bucket name', { method: 'routes' });
|
||||
return (method !== 'OPTIONS') ?
|
||||
errors.MethodNotAllowed : errors.AccessForbidden
|
||||
.customizeDescription('CORSResponse: Bucket not found');
|
||||
}
|
||||
// if (!bucketName && !(method === 'GET' && !objectKey)) {
|
||||
// log.debug('empty bucket name', { method: 'routes' });
|
||||
// return (method !== 'OPTIONS') ?
|
||||
// errors.MethodNotAllowed : errors.AccessForbidden
|
||||
// .customizeDescription('CORSResponse: Bucket not found');
|
||||
// }
|
||||
if (bucketName !== undefined && routesUtils.isValidBucketName(bucketName,
|
||||
blacklistedPrefixes.bucket) === false) {
|
||||
log.debug('invalid bucket name', { bucketName });
|
||||
|
|
|
@ -1,31 +1,47 @@
|
|||
const errors = require('../../errors');
|
||||
const routesUtils = require('../routesUtils');
|
||||
|
||||
function routeOPTIONS(request, response, api, log, statsClient) {
|
||||
log.debug('routing request', { method: 'routeOPTION' });
|
||||
|
||||
const corsMethod = request.headers['access-control-request-method'] || null;
|
||||
|
||||
if (!request.headers.origin) {
|
||||
const msg = 'Insufficient information. Origin request header needed.';
|
||||
const err = errors.BadRequest.customizeDescription(msg);
|
||||
log.debug('missing origin', { method: 'routeOPTIONS', error: err });
|
||||
return routesUtils.responseXMLBody(err, undefined, response, log);
|
||||
}
|
||||
if (['GET', 'PUT', 'HEAD', 'POST', 'DELETE'].indexOf(corsMethod) < 0) {
|
||||
const msg = `Invalid Access-Control-Request-Method: ${corsMethod}`;
|
||||
const err = errors.BadRequest.customizeDescription(msg);
|
||||
log.debug('invalid Access-Control-Request-Method',
|
||||
{ method: 'routeOPTIONS', error: err });
|
||||
return routesUtils.responseXMLBody(err, undefined, response, log);
|
||||
}
|
||||
|
||||
return api.callApiMethod('corsPreflight', request, response, log,
|
||||
(err, resHeaders) => {
|
||||
routesUtils.statsReport500(err, statsClient);
|
||||
return routesUtils.responseNoBody(err, resHeaders, response, 200,
|
||||
log);
|
||||
});
|
||||
function routeOPTIONS(request, response, api, log) {
|
||||
log.info('routing request', { method: 'routeOPTIONS',
|
||||
headers: request.rawHeaders });
|
||||
const resHeaders = {
|
||||
'Access-Control-Allow-Methods': 'GET,PUT,POST,HEAD,DELETE',
|
||||
'Access-Control-Expose-Headers': 'x-amz-request-id',
|
||||
'Access-Control-Allow-Headers':
|
||||
'authorization,x-amz-date,x-amz-user-agent,Content-Type,' +
|
||||
'X-Amz-Content-Sha256,x-amz-acl,content-md5',
|
||||
};
|
||||
return routesUtils.responseNoBody(null, resHeaders, response, 200,
|
||||
log);
|
||||
}
|
||||
|
||||
// const errors = require('../../errors');
|
||||
// const routesUtils = require('../routesUtils');
|
||||
//
|
||||
// function routeOPTIONS(request, response, api, log, statsClient) {
|
||||
// log.debug('routing request', { method: 'routeOPTION' });
|
||||
//
|
||||
// const corsMethod = request.headers['access-control-request-method'] || null;
|
||||
//
|
||||
// if (!request.headers.origin) {
|
||||
// const msg = 'Insufficient information. Origin request header needed.';
|
||||
// const err = errors.BadRequest.customizeDescription(msg);
|
||||
// log.debug('missing origin', { method: 'routeOPTIONS', error: err });
|
||||
// return routesUtils.responseXMLBody(err, undefined, response, log);
|
||||
// }
|
||||
// if (['GET', 'PUT', 'HEAD', 'POST', 'DELETE'].indexOf(corsMethod) < 0) {
|
||||
// const msg = `Invalid Access-Control-Request-Method: ${corsMethod}`;
|
||||
// const err = errors.BadRequest.customizeDescription(msg);
|
||||
// log.debug('invalid Access-Control-Request-Method',
|
||||
// { method: 'routeOPTIONS', error: err });
|
||||
// return routesUtils.responseXMLBody(err, undefined, response, log);
|
||||
// }
|
||||
//
|
||||
// return api.callApiMethod('corsPreflight', request, response, log,
|
||||
// (err, resHeaders) => {
|
||||
// routesUtils.statsReport500(err, statsClient);
|
||||
// return routesUtils.responseNoBody(err, resHeaders, response, 200,
|
||||
// log);
|
||||
// });
|
||||
// }
|
||||
|
||||
module.exports = routeOPTIONS;
|
||||
|
|
|
@ -34,6 +34,7 @@ function setCommonResponseHeaders(headers, response, log) {
|
|||
// to be expanded in further implementation of logging of requests
|
||||
response.setHeader('x-amz-id-2', log.getSerializedUids());
|
||||
response.setHeader('x-amz-request-id', log.getSerializedUids());
|
||||
response.setHeader('Access-Control-Allow-Origin', '*');
|
||||
return response;
|
||||
}
|
||||
/**
|
||||
|
|
Loading…
Reference in New Issue