From 90d7abf7559804cacc847fd3f89018cb6b68b079 Mon Sep 17 00:00:00 2001 From: twickline Date: Tue, 30 Jul 2024 13:20:48 -0700 Subject: [PATCH 1/3] Adds ETag to Access-Control-Expose-Headers headers --- .../java/org/gaul/s3proxy/CrossOriginResourceSharing.java | 5 +++++ src/main/java/org/gaul/s3proxy/S3ProxyHandler.java | 2 ++ .../CrossOriginResourceSharingAllowAllResponseTest.java | 3 +++ 3 files changed, 10 insertions(+) diff --git a/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java b/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java index 264b8fd3..e549c5b8 100644 --- a/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java +++ b/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java @@ -41,6 +41,7 @@ public final class CrossOriginResourceSharing { private static final String ALLOW_ANY_ORIGIN = "*"; private static final String ALLOW_ANY_HEADER = "*"; private static final String ALLOW_CREDENTIALS = "true"; + private static final String EXPOSED_HEADERS = "ETag"; private static final Logger logger = LoggerFactory.getLogger( CrossOriginResourceSharing.class); @@ -102,6 +103,10 @@ public CrossOriginResourceSharing(Collection allowedOrigins, logger.info("CORS allowed headers: {}", allowedHeaders); logger.info("CORS allow credentials: {}", allowCredentials); } + + public String getExposedHeaders() { + return EXPOSED_HEADERS; + } public String getAllowedMethods() { return this.allowedMethodsRaw; diff --git a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java index b1ad3d3a..0b1978e4 100644 --- a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java +++ b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java @@ -3012,6 +3012,8 @@ private void addCorsResponseHeader(HttpServletRequest request, corsRules.isOriginAllowed(corsOrigin)) { response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, corsRules.getAllowedOrigin(corsOrigin)); + response.addHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, + corsRules.getExposedHeaders()); response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, corsRules.getAllowedMethods()); if (corsRules.isAllowCredentials()) { diff --git a/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java b/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java index 62d78720..9b975063 100644 --- a/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java +++ b/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java @@ -179,6 +179,9 @@ public void testCorsActual() throws Exception { assertThat(response.getFirstHeader( HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS).getValue()) .isEqualTo("GET, HEAD, PUT, POST, DELETE"); + assertThat(response.getFirstHeader( + HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).getValue()) + .isEqualTo("ETag"); } @Test From 39bca5368fa07dd3dea06c699fea0060700d46a0 Mon Sep 17 00:00:00 2001 From: twickline Date: Sun, 4 Aug 2024 09:40:58 -0700 Subject: [PATCH 2/3] Fixes styling --- src/main/java/org/gaul/s3proxy/S3ProxyHandler.java | 2 +- .../s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java index 0b1978e4..74374037 100644 --- a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java +++ b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java @@ -3013,7 +3013,7 @@ private void addCorsResponseHeader(HttpServletRequest request, response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, corsRules.getAllowedOrigin(corsOrigin)); response.addHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, - corsRules.getExposedHeaders()); + corsRules.getExposedHeaders()); response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, corsRules.getAllowedMethods()); if (corsRules.isAllowCredentials()) { diff --git a/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java b/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java index 9b975063..2ff6297c 100644 --- a/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java +++ b/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java @@ -181,7 +181,7 @@ public void testCorsActual() throws Exception { .isEqualTo("GET, HEAD, PUT, POST, DELETE"); assertThat(response.getFirstHeader( HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).getValue()) - .isEqualTo("ETag"); + .isEqualTo("ETag"); } @Test From d0420e2bb82bf1f09f53d60c9e80e8db231af7e5 Mon Sep 17 00:00:00 2001 From: twickline Date: Sun, 4 Aug 2024 09:43:37 -0700 Subject: [PATCH 3/3] Removes trailing spaces --- src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java | 2 +- src/main/java/org/gaul/s3proxy/S3ProxyHandler.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java b/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java index e549c5b8..85748d3b 100644 --- a/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java +++ b/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java @@ -103,7 +103,7 @@ public CrossOriginResourceSharing(Collection allowedOrigins, logger.info("CORS allowed headers: {}", allowedHeaders); logger.info("CORS allow credentials: {}", allowCredentials); } - + public String getExposedHeaders() { return EXPOSED_HEADERS; } diff --git a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java index 74374037..7b76e0e2 100644 --- a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java +++ b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java @@ -3012,7 +3012,7 @@ private void addCorsResponseHeader(HttpServletRequest request, corsRules.isOriginAllowed(corsOrigin)) { response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, corsRules.getAllowedOrigin(corsOrigin)); - response.addHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, + response.addHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, corsRules.getExposedHeaders()); response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, corsRules.getAllowedMethods());