fix: apply CORS middleware to admin CreateBucket route

The PATCH /:bucket/create admin route was missing middlewares.ApplyDefaultCORS, while every other admin PATCH route applies it. The OPTIONS preflight handler already sets CORS headers, so browsers pass preflight but block the actual response for lacking Access-Control-Allow-Origin. This caused the WebUI bucket-creation flow to fail with ERR_FAILED even though the server returned 201. Fixes #2105. Introduced in #1739 when the endpoint was added. Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-22 11:51:28 +00:00 · 2026-04-30 21:06:55 -04:00
parent 437d46857d
commit e6aa9de052
1 changed files with 1 additions and 0 deletions
--- a/s3api/admin-router.go
+++ b/s3api/admin-router.go
@@ -110,6 +110,7 @@ func (ar *S3AdminRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMSe
 		controllers.ProcessHandlers(ctrl.CreateBucket, metrics.ActionAdminListBuckets, services,
 			middlewares.VerifyV4Signature(root, iam, region, false, true, false),
 			middlewares.IsAdmin(metrics.ActionAdminCreateBucket),
+			middlewares.ApplyDefaultCORS(corsAllowOrigin),
 		))
 	app.Options("/:bucket/create",
 		middlewares.ApplyDefaultCORSPreflight(corsAllowOrigin),