Skip to content

Commit f66a411

Browse files
committed
fix: Added Vary header and fixed wildcards for CORS
1 parent 5adb791 commit f66a411

3 files changed

Lines changed: 38 additions & 9 deletions

File tree

components/data_proxy/src/s3_frontend/s3server.rs

Lines changed: 19 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@ use http::header::ACCESS_CONTROL_ALLOW_HEADERS;
1111
use http::header::ACCESS_CONTROL_ALLOW_METHODS;
1212
use http::header::ACCESS_CONTROL_ALLOW_ORIGIN;
1313
use http::header::ORIGIN;
14+
use http::header::VARY;
1415
use http::HeaderValue;
1516
use http::Method;
1617
use http::StatusCode;
@@ -32,6 +33,7 @@ use std::sync::Arc;
3233
use tokio::net::TcpListener;
3334
use tracing::error;
3435
use tracing::info;
36+
use tracing::trace;
3537

3638
pub struct S3Server {
3739
s3service: S3Service,
@@ -246,8 +248,7 @@ impl WrappingService {
246248
.map_err(|e| {
247249
error!("{e}");
248250
s3_error!(InvalidURI, "Invalid URI encoding")
249-
})?;
250-
let url_without_host = url
251+
})?
251252
.split(
252253
&CONFIG
253254
.frontend
@@ -257,12 +258,21 @@ impl WrappingService {
257258
)
258259
.next()
259260
.ok_or_else(|| s3_error!(InternalError, "Invalid host url set"))?;
260-
let bucket = match url_without_host.split(".").next() {
261+
262+
let bucket = match url.split(".").next() {
263+
Some(empty) if empty.is_empty() => {
264+
let mut iter = req.uri().path().split("/");
265+
trace!(?iter);
266+
iter.next(); // first one is empty
267+
iter.next() // next one is bucket
268+
.ok_or_else(|| s3_error!(InvalidURI, "No bucket set"))?
269+
}
261270
Some(sub_bucket) => sub_bucket,
262271
None => {
263-
url_without_host
264-
.split("/")
265-
.next()
272+
let mut iter = req.uri().path().split("/");
273+
trace!(?iter);
274+
iter.next(); // first one is empty
275+
iter.next() // next one is bucket
266276
.ok_or_else(|| s3_error!(InvalidURI, "No bucket set"))?
267277
}
268278
};
@@ -304,6 +314,9 @@ impl WrappingService {
304314
})
305315
.ok_or_else(|| s3_error!(NoSuchBucketPolicy, "No cors policy found for bucket"))?;
306316
let mut builder = hyper::Response::builder();
317+
if !rule.allowed_origins.contains(&"*".to_string()) {
318+
builder = builder.header(VARY, HeaderValue::from_static("Origin"));
319+
}
307320
for origin in rule.allowed_origins.iter() {
308321
builder = builder.header(
309322
ACCESS_CONTROL_ALLOW_ORIGIN,

components/data_proxy/src/s3_frontend/s3service.rs

Lines changed: 14 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -138,7 +138,7 @@ impl S3 for ArunaS3Service {
138138
let CheckAccessResult {
139139
user_state,
140140
objects_state,
141-
..
141+
headers,
142142
} = req
143143
.extensions
144144
.get::<CheckAccessResult>()
@@ -262,7 +262,19 @@ impl S3 for ArunaS3Service {
262262
Some(objects_state.try_slice()?),
263263
));
264264
debug!(?response);
265-
Ok(S3Response::new(response))
265+
266+
let mut resp = S3Response::new(response);
267+
if let Some(headers) = headers {
268+
for (k, v) in headers {
269+
resp.headers.insert(
270+
HeaderName::from_bytes(k.as_bytes())
271+
.map_err(|_| s3_error!(InternalError, "Unable to parse header name"))?,
272+
HeaderValue::from_str(&v)
273+
.map_err(|_| s3_error!(InternalError, "Unable to parse header value"))?,
274+
);
275+
}
276+
}
277+
Ok(resp)
266278
}
267279

268280
#[tracing::instrument(err)]

components/data_proxy/src/structs.rs

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1875,11 +1875,15 @@ impl CORSConfiguration {
18751875
header: Option<Vec<String>>,
18761876
) -> Option<HashMap<String, String>> {
18771877
for cors_rule in self.0 {
1878-
if cors_rule.allowed_origins.contains(&origin)
1878+
if (cors_rule.allowed_origins.contains(&origin)
1879+
|| cors_rule.allowed_origins.contains(&"*".to_string()))
18791880
&& cors_rule.allowed_methods.contains(&method)
18801881
{
18811882
let mut headers = HashMap::new();
18821883
if !cors_rule.allowed_origins.is_empty() {
1884+
if !cors_rule.allowed_origins.contains(&"*".to_string()) {
1885+
headers.insert("Vary".to_string(), "Origin".to_string());
1886+
}
18831887
headers.insert(
18841888
"Access-Control-Allow-Origin".to_string(),
18851889
cors_rule.allowed_origins.join(", "),

0 commit comments

Comments
 (0)