From b052bfa79e25b3c2c988c2d51765855b5b6ab0c3 Mon Sep 17 00:00:00 2001
From: Harshavardhana <harsha@minio.io>
Date: Mon, 2 Apr 2018 17:51:32 -0700
Subject: [PATCH] Add necessary safe headers under CORS (#5750)

Fixes #5748
---
 cmd/generic-handlers.go | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/cmd/generic-handlers.go b/cmd/generic-handlers.go
index d4e987e45..b0e8186f6 100644
--- a/cmd/generic-handlers.go
+++ b/cmd/generic-handlers.go
@@ -375,9 +375,18 @@ var defaultAllowableHTTPMethods = []string{
 
 // setCorsHandler handler for CORS (Cross Origin Resource Sharing)
 func setCorsHandler(h http.Handler) http.Handler {
-	commonS3Headers := []string{"Content-Length", "Content-Type", "Connection",
-		"Date", "ETag", "Server", "x-amz-delete-marker", "x-amz-id-2",
-		"x-amz-request-id", "x-amz-version-id"}
+	commonS3Headers := []string{
+		"Date",
+		"ETag",
+		"Server",
+		"Connection",
+		"Accept-Ranges",
+		"Content-Range",
+		"Content-Encoding",
+		"Content-Length",
+		"Content-Type",
+		"x-amz-request-id",
+	}
 	c := cors.New(cors.Options{
 		AllowedOrigins:   []string{"*"},
 		AllowedMethods:   defaultAllowableHTTPMethods,