Compare commits
1 Commits
developmen
...
ft/cors
Author | SHA1 | Date |
---|---|---|
Nicolas Humbert | 4f80e2978f |
|
@ -36,12 +36,12 @@ function checkUnsupportedRoutes(reqMethod) {
|
||||||
function checkBucketAndKey(bucketName, objectKey, method, reqQuery,
|
function checkBucketAndKey(bucketName, objectKey, method, reqQuery,
|
||||||
blacklistedPrefixes, log) {
|
blacklistedPrefixes, log) {
|
||||||
// if empty name and request not a List Buckets
|
// if empty name and request not a List Buckets
|
||||||
if (!bucketName && !(method === 'GET' && !objectKey)) {
|
// if (!bucketName && !(method === 'GET' && !objectKey)) {
|
||||||
log.debug('empty bucket name', { method: 'routes' });
|
// log.debug('empty bucket name', { method: 'routes' });
|
||||||
return (method !== 'OPTIONS') ?
|
// return (method !== 'OPTIONS') ?
|
||||||
errors.MethodNotAllowed : errors.AccessForbidden
|
// errors.MethodNotAllowed : errors.AccessForbidden
|
||||||
.customizeDescription('CORSResponse: Bucket not found');
|
// .customizeDescription('CORSResponse: Bucket not found');
|
||||||
}
|
// }
|
||||||
if (bucketName !== undefined && routesUtils.isValidBucketName(bucketName,
|
if (bucketName !== undefined && routesUtils.isValidBucketName(bucketName,
|
||||||
blacklistedPrefixes.bucket) === false) {
|
blacklistedPrefixes.bucket) === false) {
|
||||||
log.debug('invalid bucket name', { bucketName });
|
log.debug('invalid bucket name', { bucketName });
|
||||||
|
|
|
@ -1,31 +1,47 @@
|
||||||
const errors = require('../../errors');
|
|
||||||
const routesUtils = require('../routesUtils');
|
const routesUtils = require('../routesUtils');
|
||||||
|
|
||||||
function routeOPTIONS(request, response, api, log, statsClient) {
|
function routeOPTIONS(request, response, api, log) {
|
||||||
log.debug('routing request', { method: 'routeOPTION' });
|
log.info('routing request', { method: 'routeOPTIONS',
|
||||||
|
headers: request.rawHeaders });
|
||||||
const corsMethod = request.headers['access-control-request-method'] || null;
|
const resHeaders = {
|
||||||
|
'Access-Control-Allow-Methods': 'GET,PUT,POST,HEAD,DELETE',
|
||||||
if (!request.headers.origin) {
|
'Access-Control-Expose-Headers': 'x-amz-request-id',
|
||||||
const msg = 'Insufficient information. Origin request header needed.';
|
'Access-Control-Allow-Headers':
|
||||||
const err = errors.BadRequest.customizeDescription(msg);
|
'authorization,x-amz-date,x-amz-user-agent,Content-Type,' +
|
||||||
log.debug('missing origin', { method: 'routeOPTIONS', error: err });
|
'X-Amz-Content-Sha256,x-amz-acl,content-md5',
|
||||||
return routesUtils.responseXMLBody(err, undefined, response, log);
|
};
|
||||||
}
|
return routesUtils.responseNoBody(null, resHeaders, response, 200,
|
||||||
if (['GET', 'PUT', 'HEAD', 'POST', 'DELETE'].indexOf(corsMethod) < 0) {
|
log);
|
||||||
const msg = `Invalid Access-Control-Request-Method: ${corsMethod}`;
|
|
||||||
const err = errors.BadRequest.customizeDescription(msg);
|
|
||||||
log.debug('invalid Access-Control-Request-Method',
|
|
||||||
{ method: 'routeOPTIONS', error: err });
|
|
||||||
return routesUtils.responseXMLBody(err, undefined, response, log);
|
|
||||||
}
|
|
||||||
|
|
||||||
return api.callApiMethod('corsPreflight', request, response, log,
|
|
||||||
(err, resHeaders) => {
|
|
||||||
routesUtils.statsReport500(err, statsClient);
|
|
||||||
return routesUtils.responseNoBody(err, resHeaders, response, 200,
|
|
||||||
log);
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// const errors = require('../../errors');
|
||||||
|
// const routesUtils = require('../routesUtils');
|
||||||
|
//
|
||||||
|
// function routeOPTIONS(request, response, api, log, statsClient) {
|
||||||
|
// log.debug('routing request', { method: 'routeOPTION' });
|
||||||
|
//
|
||||||
|
// const corsMethod = request.headers['access-control-request-method'] || null;
|
||||||
|
//
|
||||||
|
// if (!request.headers.origin) {
|
||||||
|
// const msg = 'Insufficient information. Origin request header needed.';
|
||||||
|
// const err = errors.BadRequest.customizeDescription(msg);
|
||||||
|
// log.debug('missing origin', { method: 'routeOPTIONS', error: err });
|
||||||
|
// return routesUtils.responseXMLBody(err, undefined, response, log);
|
||||||
|
// }
|
||||||
|
// if (['GET', 'PUT', 'HEAD', 'POST', 'DELETE'].indexOf(corsMethod) < 0) {
|
||||||
|
// const msg = `Invalid Access-Control-Request-Method: ${corsMethod}`;
|
||||||
|
// const err = errors.BadRequest.customizeDescription(msg);
|
||||||
|
// log.debug('invalid Access-Control-Request-Method',
|
||||||
|
// { method: 'routeOPTIONS', error: err });
|
||||||
|
// return routesUtils.responseXMLBody(err, undefined, response, log);
|
||||||
|
// }
|
||||||
|
//
|
||||||
|
// return api.callApiMethod('corsPreflight', request, response, log,
|
||||||
|
// (err, resHeaders) => {
|
||||||
|
// routesUtils.statsReport500(err, statsClient);
|
||||||
|
// return routesUtils.responseNoBody(err, resHeaders, response, 200,
|
||||||
|
// log);
|
||||||
|
// });
|
||||||
|
// }
|
||||||
|
|
||||||
module.exports = routeOPTIONS;
|
module.exports = routeOPTIONS;
|
||||||
|
|
|
@ -34,6 +34,7 @@ function setCommonResponseHeaders(headers, response, log) {
|
||||||
// to be expanded in further implementation of logging of requests
|
// to be expanded in further implementation of logging of requests
|
||||||
response.setHeader('x-amz-id-2', log.getSerializedUids());
|
response.setHeader('x-amz-id-2', log.getSerializedUids());
|
||||||
response.setHeader('x-amz-request-id', log.getSerializedUids());
|
response.setHeader('x-amz-request-id', log.getSerializedUids());
|
||||||
|
response.setHeader('Access-Control-Allow-Origin', '*');
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in New Issue