Skip to content

Feat/cors: Add CORS handling to API and S3#297

Merged
St4NNi merged 16 commits into
mainfrom
feat/cors
Jun 30, 2026
Merged

Feat/cors: Add CORS handling to API and S3#297
St4NNi merged 16 commits into
mainfrom
feat/cors

Conversation

@St4NNi

@St4NNi St4NNi commented Jun 29, 2026

Copy link
Copy Markdown
Member

This PR adds CORS support for browser-based access to Aruna through both the REST API and S3 interface. It also integrates bucket-level S3 CORS configuration support from feat/bucket-cors.

Changes

  • Add configurable REST CORS handling.
  • Add S3 CORS handling for unsigned preflight requests before signature validation.
  • Add CORS headers to S3 responses so browser clients can read relevant response headers.
  • Add bucket-level CORS configuration stored in BucketInfo. (This includes the changes from the branch feat/bucket_cors)
  • Implement S3 PutBucketCors, GetBucketCors, and DeleteBucketCors.
  • Add CORS matching/conversion helpers and focused tests.
  • Include the API quick fixes needed for portal integration.

Fixed Issues

Fixes #242
Fixes #244

@St4NNi St4NNi requested review from das-Abroxas and lfbrehm June 29, 2026 13:48

@das-Abroxas das-Abroxas left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left some comments which are not mission critical. Address these issues or just leave a comment why you don't think that this is necessary and I will approve this PR ✌️

Comment thread .env.example Outdated
Comment thread api/src/s3/s3_server.rs Outdated
Comment thread api/src/s3/s3_server.rs Outdated
Comment thread api/src/cors.rs Outdated
@St4NNi St4NNi requested a review from das-Abroxas June 30, 2026 07:00
das-Abroxas
das-Abroxas previously approved these changes Jun 30, 2026

@das-Abroxas das-Abroxas left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice. There are still a few minor things that could be improved, such as using the header name constants from the http crate (e.g. http::header::ORIGIN) instead of defining them again ourselves. But, those are just design decision discussions at this point. lgtm.

@St4NNi St4NNi merged commit dbd7e41 into main Jun 30, 2026
6 checks passed
@St4NNi St4NNi deleted the feat/cors branch June 30, 2026 07:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[fix] API quick fixes [feat] CORS for REST and S3

2 participants