Compare commits

...

1 Commits

Author SHA1 Message Date
Nicolas Humbert 4f80e2978f FT: CORS 2018-04-09 14:27:13 -07:00
3 changed files with 49 additions and 32 deletions

View File

@ -36,12 +36,12 @@ function checkUnsupportedRoutes(reqMethod) {
function checkBucketAndKey(bucketName, objectKey, method, reqQuery, function checkBucketAndKey(bucketName, objectKey, method, reqQuery,
blacklistedPrefixes, log) { blacklistedPrefixes, log) {
// if empty name and request not a List Buckets // if empty name and request not a List Buckets
if (!bucketName && !(method === 'GET' && !objectKey)) { // if (!bucketName && !(method === 'GET' && !objectKey)) {
log.debug('empty bucket name', { method: 'routes' }); // log.debug('empty bucket name', { method: 'routes' });
return (method !== 'OPTIONS') ? // return (method !== 'OPTIONS') ?
errors.MethodNotAllowed : errors.AccessForbidden // errors.MethodNotAllowed : errors.AccessForbidden
.customizeDescription('CORSResponse: Bucket not found'); // .customizeDescription('CORSResponse: Bucket not found');
} // }
if (bucketName !== undefined && routesUtils.isValidBucketName(bucketName, if (bucketName !== undefined && routesUtils.isValidBucketName(bucketName,
blacklistedPrefixes.bucket) === false) { blacklistedPrefixes.bucket) === false) {
log.debug('invalid bucket name', { bucketName }); log.debug('invalid bucket name', { bucketName });

View File

@ -1,31 +1,47 @@
const errors = require('../../errors');
const routesUtils = require('../routesUtils'); const routesUtils = require('../routesUtils');
function routeOPTIONS(request, response, api, log, statsClient) { function routeOPTIONS(request, response, api, log) {
log.debug('routing request', { method: 'routeOPTION' }); log.info('routing request', { method: 'routeOPTIONS',
headers: request.rawHeaders });
const corsMethod = request.headers['access-control-request-method'] || null; const resHeaders = {
'Access-Control-Allow-Methods': 'GET,PUT,POST,HEAD,DELETE',
if (!request.headers.origin) { 'Access-Control-Expose-Headers': 'x-amz-request-id',
const msg = 'Insufficient information. Origin request header needed.'; 'Access-Control-Allow-Headers':
const err = errors.BadRequest.customizeDescription(msg); 'authorization,x-amz-date,x-amz-user-agent,Content-Type,' +
log.debug('missing origin', { method: 'routeOPTIONS', error: err }); 'X-Amz-Content-Sha256,x-amz-acl,content-md5',
return routesUtils.responseXMLBody(err, undefined, response, log); };
} return routesUtils.responseNoBody(null, resHeaders, response, 200,
if (['GET', 'PUT', 'HEAD', 'POST', 'DELETE'].indexOf(corsMethod) < 0) {
const msg = `Invalid Access-Control-Request-Method: ${corsMethod}`;
const err = errors.BadRequest.customizeDescription(msg);
log.debug('invalid Access-Control-Request-Method',
{ method: 'routeOPTIONS', error: err });
return routesUtils.responseXMLBody(err, undefined, response, log);
}
return api.callApiMethod('corsPreflight', request, response, log,
(err, resHeaders) => {
routesUtils.statsReport500(err, statsClient);
return routesUtils.responseNoBody(err, resHeaders, response, 200,
log); log);
});
} }
// const errors = require('../../errors');
// const routesUtils = require('../routesUtils');
//
// function routeOPTIONS(request, response, api, log, statsClient) {
// log.debug('routing request', { method: 'routeOPTION' });
//
// const corsMethod = request.headers['access-control-request-method'] || null;
//
// if (!request.headers.origin) {
// const msg = 'Insufficient information. Origin request header needed.';
// const err = errors.BadRequest.customizeDescription(msg);
// log.debug('missing origin', { method: 'routeOPTIONS', error: err });
// return routesUtils.responseXMLBody(err, undefined, response, log);
// }
// if (['GET', 'PUT', 'HEAD', 'POST', 'DELETE'].indexOf(corsMethod) < 0) {
// const msg = `Invalid Access-Control-Request-Method: ${corsMethod}`;
// const err = errors.BadRequest.customizeDescription(msg);
// log.debug('invalid Access-Control-Request-Method',
// { method: 'routeOPTIONS', error: err });
// return routesUtils.responseXMLBody(err, undefined, response, log);
// }
//
// return api.callApiMethod('corsPreflight', request, response, log,
// (err, resHeaders) => {
// routesUtils.statsReport500(err, statsClient);
// return routesUtils.responseNoBody(err, resHeaders, response, 200,
// log);
// });
// }
module.exports = routeOPTIONS; module.exports = routeOPTIONS;

View File

@ -34,6 +34,7 @@ function setCommonResponseHeaders(headers, response, log) {
// to be expanded in further implementation of logging of requests // to be expanded in further implementation of logging of requests
response.setHeader('x-amz-id-2', log.getSerializedUids()); response.setHeader('x-amz-id-2', log.getSerializedUids());
response.setHeader('x-amz-request-id', log.getSerializedUids()); response.setHeader('x-amz-request-id', log.getSerializedUids());
response.setHeader('Access-Control-Allow-Origin', '*');
return response; return response;
} }
/** /**