[
https://issues.apache.org/jira/browse/HDDS-14386?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ivan Andika updated HDDS-14386:
-------------------------------
Description:
Currently, Ozone does not support per-bucket CORS configuration. This means
that the CORS configuration is only decided on the reverse proxy that we use
(e.g. nginx, HAProxy, etc.).
We can implement per-bucket CORS configuration
([https://docs.aws.amazon.com/AmazonS3/latest/userguide/cors.html]) by adding
CORS configuration to OmBucketInfo in OM DB.
The create flow looks something like this:
* User uses the S3 API to create the CORS configuration
([https://docs.aws.amazon.com/AmazonS3/latest/userguide/enabling-cors-examples.html])
* S3G parses the request and sends the request to OM
* OM will update the OmBucketInfo with the CORS policy
Since S3G will call getBucket for most S3 requests, we can return the CORS
policy as part of OzoneBucket and use that to decide on the CORS response
headers (e.g. Access-Control-Allow-Origin, etc.) to return. We can then use the
bucket CORS configuration instead of the CORS policy from the reverse proxy.
For reference, an NGINX CORS configuration can look like this:
{code:java}
if ($http_origin ~ '^http[s]*://(.*)') {
    set $cors 'cors';
    add_header 'Access-Control-Allow-Origin' $http_origin always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    add_header 'Access-Control-Allow-Methods' 'PUT, GET, POST, HEAD, DELETE, PATCH, OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' $http_access_control_request_headers always;
    add_header 'Access-Control-Expose-Headers' 'ETag' always;
}
if ($request_method = 'OPTIONS') {
    set $cors '${cors}_options';
}
if ($cors = 'cors_options') {
    add_header 'Access-Control-Allow-Origin' $http_origin always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    add_header 'Access-Control-Allow-Methods' 'PUT, GET, POST, HEAD, DELETE, PATCH, OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' $http_access_control_request_headers always;
    add_header 'Access-Control-Expose-Headers' 'ETag' always;
    return 204;
}
{code}
was:
Currently, Ozone does not support per-bucket CORS configuration. This means
that the CORS configuration is only decided on the reverse proxy that we use
(e.g. nginx, HAProxy, etc.).
We can implement per-bucket CORS configuration
([https://docs.aws.amazon.com/AmazonS3/latest/userguide/cors.html]) by adding
CORS configuration to OmBucketInfo in OM DB.
The create flow looks something like this:
* User uses the S3 API to create the CORS configuration
([https://docs.aws.amazon.com/AmazonS3/latest/userguide/enabling-cors-examples.html])
* S3G parses the request and sends the request to OM
* OM will update the OmBucketInfo with the CORS policy
Since S3G will call getBucket for most S3 requests, we can return the CORS
policy as part of OzoneBucket and use that to decide on the CORS response
headers (e.g. Access-Control-Allow-Origin, etc.) to return.
For reference, an NGINX CORS configuration can look like this:
{code:java}
if ($http_origin ~ '^http[s]*://(.*)') {
    set $cors 'cors';
    add_header 'Access-Control-Allow-Origin' $http_origin always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    add_header 'Access-Control-Allow-Methods' 'PUT, GET, POST, HEAD, DELETE, PATCH, OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' $http_access_control_request_headers always;
    add_header 'Access-Control-Expose-Headers' 'ETag' always;
}
if ($request_method = 'OPTIONS') {
    set $cors '${cors}_options';
}
if ($cors = 'cors_options') {
    add_header 'Access-Control-Allow-Origin' $http_origin always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    add_header 'Access-Control-Allow-Methods' 'PUT, GET, POST, HEAD, DELETE, PATCH, OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' $http_access_control_request_headers always;
    add_header 'Access-Control-Expose-Headers' 'ETag' always;
    return 204;
}
{code}
> Support bucket CORS configuration
> ---------------------------------
>
> Key: HDDS-14386
> URL: https://issues.apache.org/jira/browse/HDDS-14386
> Project: Apache Ozone
> Issue Type: Sub-task
> Reporter: Ivan Andika
> Priority: Major
--
This message was sent by Atlassian Jira
(v8.20.10#820010)