versitygw

mirrors/versitygw

Fork 0

mirror of https://github.com/versity/versitygw.git synced 2026-05-02 02:05:43 +00:00

Commit Graph

Author	SHA1	Message	Date
niksis02	6fafc15d08	fix: fixes PutBucketCors CORSRules validation Fixes #1870 Fixes #1863 A validation has been added to PutBucketCors for `CORSRule.AllowedOrigins`. The `AllowedOrigins` list can no longer be empty—otherwise a MalformedXML error is returned. Additionally, each origin is now validated to ensure it does not contain more than one wildcard. A similar validation has been added for `AllowedMethods`. The list must not be empty, or a MalformedXML error is returned. Previously, empty method values (e.g., `[]string{""}`) were incorrectly treated as valid. This has been fixed, and an UnsupportedCORSMethod error is now returned.	2026-02-24 16:59:38 +04:00
niksis02	3d20a63f75	fix: adds Acces-Control-Allow-Headers to cors responses Fixes #1486 * Adds the `Access-Control-Allow-Headers` response header to CORS responses for both OPTIONS preflight requests and any request containing an `Origin` header. * The `Access-Control-Allow-Headers` response includes only the headers specified in the `Access-Control-Request-Headers` request header, always returned in lowercase. * Fixes an issue with allow headers comparison in cors evaluation by making it case-insensitive. * Adds missing unit tests for the OPTIONS controller.	2025-08-27 00:31:47 +04:00

Author

SHA1

Message

Date

niksis02

6fafc15d08

fix: fixes PutBucketCors CORSRules validation

Fixes #1870
Fixes #1863

A validation has been added to **PutBucketCors** for `CORSRule.AllowedOrigins`. The `AllowedOrigins` list can no longer be empty—otherwise a **MalformedXML** error is returned. Additionally, each origin is now validated to ensure it does not contain more than one wildcard.

A similar validation has been added for `AllowedMethods`. The list must not be empty, or a **MalformedXML** error is returned. Previously, empty method values (e.g., `[]string{""}`) were incorrectly treated as valid. This has been fixed, and an **UnsupportedCORSMethod** error is now returned.

2026-02-24 16:59:38 +04:00

niksis02

3d20a63f75

fix: adds Acces-Control-Allow-Headers to cors responses

Fixes #1486

* Adds the `Access-Control-Allow-Headers` response header to CORS responses for both **OPTIONS preflight requests** and any request containing an `Origin` header.
* The `Access-Control-Allow-Headers` response includes only the headers specified in the `Access-Control-Request-Headers` request header, always returned in lowercase.
* Fixes an issue with allow headers comparison in cors evaluation by making it case-insensitive.
* Adds missing unit tests for the **OPTIONS controller**.

2025-08-27 00:31:47 +04:00

2 Commits