11use crate :: cors:: { S3_PREFLIGHT_VARY , append_vary_headers} ;
22use aruna_core:: structs:: { BucketCorsConfiguration , BucketCorsRule } ;
3- use http:: header:: { HeaderName , HeaderValue } ;
3+ use http:: header:: { self , HeaderName , HeaderValue } ;
44use http:: { Method , StatusCode } ;
55use s3s:: HttpResponse ;
66use s3s:: dto:: { CORSConfiguration , CORSRule , GetBucketCorsOutput } ;
77use s3s:: { S3Error , s3_error} ;
88
9- pub ( crate ) const ORIGIN_HEADER : & str = "Origin" ;
10- pub ( crate ) const REQUEST_METHOD_HEADER : & str = "Access-Control-Request-Method" ;
11- pub ( crate ) const REQUEST_HEADERS_HEADER : & str = "Access-Control-Request-Headers" ;
12-
13- pub ( crate ) const ALLOW_ORIGIN_HEADER : & str = "access-control-allow-origin" ;
14- pub ( crate ) const ALLOW_METHODS_HEADER : & str = "access-control-allow-methods" ;
15- pub ( crate ) const ALLOW_HEADERS_HEADER : & str = "access-control-allow-headers" ;
16- pub ( crate ) const EXPOSE_HEADERS_HEADER : & str = "access-control-expose-headers" ;
17- pub ( crate ) const MAX_AGE_HEADER : & str = "access-control-max-age" ;
18-
199const WILDCARD : & str = "*" ;
2010const VALID_CORS_METHODS : & [ & str ] = & [ "GET" , "PUT" , "HEAD" , "POST" , "DELETE" ] ;
2111
@@ -271,14 +261,14 @@ pub(crate) fn build_preflight_response(matched_rule: MatchedCorsRule) -> HttpRes
271261 if !matched_rule. allow_headers . is_empty ( ) {
272262 append_header (
273263 & mut response,
274- HeaderName :: from_static ( ALLOW_HEADERS_HEADER ) ,
264+ header :: ACCESS_CONTROL_ALLOW_HEADERS ,
275265 & matched_rule. allow_headers . join ( ", " ) ,
276266 ) ;
277267 }
278268 if let Some ( max_age_seconds) = matched_rule. max_age_seconds {
279269 append_header (
280270 & mut response,
281- HeaderName :: from_static ( MAX_AGE_HEADER ) ,
271+ header :: ACCESS_CONTROL_MAX_AGE ,
282272 & max_age_seconds. to_string ( ) ,
283273 ) ;
284274 }
@@ -301,22 +291,22 @@ pub(crate) fn inject_actual_cors_headers(
301291 if !matched_rule. expose_headers . is_empty ( ) {
302292 append_header (
303293 response,
304- HeaderName :: from_static ( EXPOSE_HEADERS_HEADER ) ,
294+ header :: ACCESS_CONTROL_EXPOSE_HEADERS ,
305295 & matched_rule. expose_headers . join ( ", " ) ,
306296 ) ;
307297 }
308- append_vary_headers ( response. headers_mut ( ) , & [ ORIGIN_HEADER ] ) ;
298+ append_vary_headers ( response. headers_mut ( ) , & [ header :: ORIGIN ] ) ;
309299}
310300
311301fn append_allow_origin_and_methods ( response : & mut HttpResponse , matched_rule : & MatchedCorsRule ) {
312302 append_header (
313303 response,
314- HeaderName :: from_static ( ALLOW_ORIGIN_HEADER ) ,
304+ header :: ACCESS_CONTROL_ALLOW_ORIGIN ,
315305 & matched_rule. allow_origin ,
316306 ) ;
317307 append_header (
318308 response,
319- HeaderName :: from_static ( ALLOW_METHODS_HEADER ) ,
309+ header :: ACCESS_CONTROL_ALLOW_METHODS ,
320310 & matched_rule. allow_methods . join ( ", " ) ,
321311 ) ;
322312}
@@ -477,7 +467,7 @@ mod tests {
477467 assert_eq ! ( response. headers( ) [ "access-control-max-age" ] , "60" ) ;
478468 assert_eq ! (
479469 response. headers( ) [ VARY ] ,
480- "Origin, Access-Control-Request-Method, Access-Control-Request-Headers "
470+ "origin, access-control-request-method, access-control-request-headers "
481471 ) ;
482472 }
483473
@@ -494,7 +484,7 @@ mod tests {
494484 ) ;
495485 assert_eq ! (
496486 response. headers( ) [ VARY ] ,
497- "Origin, Access-Control-Request-Method, Access-Control-Request-Headers "
487+ "origin, access-control-request-method, access-control-request-headers "
498488 ) ;
499489 }
500490
@@ -513,6 +503,6 @@ mod tests {
513503 "https://example.org"
514504 ) ;
515505 assert_eq ! ( response. headers( ) [ "access-control-expose-headers" ] , "etag" ) ;
516- assert_eq ! ( response. headers( ) [ VARY ] , "Accept-Encoding, Origin " ) ;
506+ assert_eq ! ( response. headers( ) [ VARY ] , "Accept-Encoding, origin " ) ;
517507 }
518508}
0 commit comments