[
https://issues.apache.org/jira/browse/HDDS-14386?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ivan Andika updated HDDS-14386:
-------------------------------
Description:
Currently, Ozone does not support per-bucket CORS configuration. This means
that the CORS configuration is only decided on the reverse proxy that we use
(e.g. nginx , HAProxy, etc).
We can implement per-bucket CORS configuration
([https://docs.aws.amazon.com/AmazonS3/latest/userguide/cors.html)] .
The create flow looks something like
* User uses the S3 API to create the CORS configuration
([https://docs.aws.amazon.com/AmazonS3/latest/userguide/enabling-cors-examples.html)]
* S3G parse the request and send the request to OM
* OM will update the OmBucketInfo with the CORS policy
Since S3G will call getBucket, we can return the CORS policy as part of
OzoneBucket and use that to create the CORS response (e.g.
Access-Control-Allow-Origin, etc).
For reference, NGINX CORS configuration can look like this to allow S3G to be
compatible with CORS.
{code:java}
if ($http_origin ~ '^http[s]*://(.*)') {
set $cors 'cors';
add_header 'Access-Control-Allow-Origin' $http_origin always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'PUT, GET, POST, HEAD, DELETE,
PATCH, OPTIONS' always;
add_header 'Access-Control-Allow-Headers'
$http_access_control_request_headers always;
add_header 'Access-Control-Expose-Headers' 'ETag' always;
}
if ($request_method = 'OPTIONS') {
set $cors '${cors}_options';
}
if ($cors = 'cors_options') {
add_header 'Access-Control-Allow-Origin' $http_origin always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'PUT, GET, POST, HEAD, DELETE,
PATCH, OPTIONS' always;
add_header 'Access-Control-Allow-Headers'
$http_access_control_request_headers always;
add_header 'Access-Control-Expose-Headers' 'ETag' always;
return 204;
} {code}
was:
Currently, Ozone does not support per-bucket CORS configuration
We can implement per-bucket CORS configuration
([https://docs.aws.amazon.com/AmazonS3/latest/userguide/cors.html)] .
The create flow looks something like
* User uses the S3 API to create the CORS configuration
([https://docs.aws.amazon.com/AmazonS3/latest/userguide/enabling-cors-examples.html)]
* S3G parse the request and send the request to OM
* OM will update the OmBucketInfo with the CORS policy
Since S3G will call getBucket, we can return the CORS policy as part of
OzoneBucket and use that to create the CORS response.
For reference, NGINX CORS configuration can look like this to allow S3G to be
compatible with CORS.
{code:java}
if ($http_origin ~ '^http[s]*://(.*)') {
set $cors 'cors';
add_header 'Access-Control-Allow-Origin' $http_origin always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'PUT, GET, POST, HEAD, DELETE,
PATCH, OPTIONS' always;
add_header 'Access-Control-Allow-Headers'
$http_access_control_request_headers always;
add_header 'Access-Control-Expose-Headers' 'ETag' always;
}
if ($request_method = 'OPTIONS') {
set $cors '${cors}_options';
}
if ($cors = 'cors_options') {
add_header 'Access-Control-Allow-Origin' $http_origin always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'PUT, GET, POST, HEAD, DELETE,
PATCH, OPTIONS' always;
add_header 'Access-Control-Allow-Headers'
$http_access_control_request_headers always;
add_header 'Access-Control-Expose-Headers' 'ETag' always;
return 204;
} {code}
> Support bucket CORS configuration
> ---------------------------------
>
> Key: HDDS-14386
> URL: https://issues.apache.org/jira/browse/HDDS-14386
> Project: Apache Ozone
> Issue Type: Sub-task
> Reporter: Ivan Andika
> Priority: Major
>
> Currently, Ozone does not support per-bucket CORS configuration. This means
> that the CORS configuration is only decided on the reverse proxy that we use
> (e.g. nginx , HAProxy, etc).
> We can implement per-bucket CORS configuration
> ([https://docs.aws.amazon.com/AmazonS3/latest/userguide/cors.html)] .
> The create flow looks something like
> * User uses the S3 API to create the CORS configuration
> ([https://docs.aws.amazon.com/AmazonS3/latest/userguide/enabling-cors-examples.html)]
> * S3G parse the request and send the request to OM
> * OM will update the OmBucketInfo with the CORS policy
> Since S3G will call getBucket, we can return the CORS policy as part of
> OzoneBucket and use that to create the CORS response (e.g.
> Access-Control-Allow-Origin, etc).
> For reference, NGINX CORS configuration can look like this to allow S3G to be
> compatible with CORS.
> {code:java}
> if ($http_origin ~ '^http[s]*://(.*)') {
> set $cors 'cors';
> add_header 'Access-Control-Allow-Origin' $http_origin always;
> add_header 'Access-Control-Allow-Credentials' 'true' always;
> add_header 'Access-Control-Allow-Methods' 'PUT, GET, POST, HEAD, DELETE,
> PATCH, OPTIONS' always;
> add_header 'Access-Control-Allow-Headers'
> $http_access_control_request_headers always;
> add_header 'Access-Control-Expose-Headers' 'ETag' always;
> }
> if ($request_method = 'OPTIONS') {
> set $cors '${cors}_options';
> }
> if ($cors = 'cors_options') {
> add_header 'Access-Control-Allow-Origin' $http_origin always;
> add_header 'Access-Control-Allow-Credentials' 'true' always;
> add_header 'Access-Control-Allow-Methods' 'PUT, GET, POST, HEAD, DELETE,
> PATCH, OPTIONS' always;
> add_header 'Access-Control-Allow-Headers'
> $http_access_control_request_headers always;
> add_header 'Access-Control-Expose-Headers' 'ETag' always;
> return 204;
> } {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
