CORS support

[auguster]

I'm accessing videos stored by s3proxy from a page on another domain. I have security issues in my JS script because, when serving a video, the header doesn't specify any "Access-Control-Allow-Origin". I'd like s3proxy to set "Access-Control-Allow-Origin" to a value (e.g. "*" for testing), is there a way to do that as of now ?

Maybe through jclouds' configuration ?

[gaul]

S3Proxy does not support CORS today. We can address this two ways: full CORS support or just add a mechanism to inject the header into responses, possibly arbitrary headers. For a lot of test use cases I can see the latter sufficing. Does this address your use case?

Eventually S3Proxy needs full CORS support. API reference:

https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTcors.html

[auguster]

Header injection would be perfect for me. I'm only using s3proxy for testing purposes.

[ShayFB]

Hi, I tried the latest version with the header injection.
I added "s3proxy.cors-allow-all=true" to the configuration,

I tried to use the S3 AWS JS SDK.
The first attempt I try, the browser sends an OPTIONS request which always fails with 403.

Here is an example of a query (I exported it to curl)

curl 'http://192.168.33.109:8080/testbucket?acl' -X OPTIONS -H 'Access-Control-Request-Method: GET' -H 'Origin: http://192.168.33.109' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-US,en;q=0.8,he;q=0.6,ru;q=0.4,ja;q=0.2,de;q=0.2,zh;q=0.2' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36' -H 'Accept: /' -H 'Referer: http://192.168.33.109/' -H 'Connection: keep-alive' -H 'Access-Control-Request-Headers: authorization, x-amz-date, x-amz-user-agent' --compressed

The response is:

AccessDeniedAWS authentication requires a valid Date or x-amz-date header4442587FB7D0A2F9

Any idea?

[nidu]

Hi. I'm using trying to upload files into s3proxy from chrome directly using upload method and it works just fine for 2Kb file, but fails with No 'Access-Control-Allow-Origin' header is present on the requested resource. for 5Mb file.

I can see that for 2Kb upload is done with PUT and for 5Mb - with POST (URL with ?uploads). Is CORS supported for POST? I have S3PROXY_CORS_ALLOW_ALL=true in my docker-compose.yml. Maybe there's something else to set up?

[gaul]

@reimannf could you look at this?

[reimannf]

Okay. The handleInitiateMultipartUpload https://github.com/gaul/s3proxy/blob/master/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java#L697-L698 is not the Standard POST handler with CORS support https://github.com/gaul/s3proxy/blob/master/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java#L2122-L2128.
I think to support Multipart Uploads for CORS we need to add it to handleInitiateMultipartUpload, handleCompleteMultipartUpload, handleAbortMultipartUpload, handleUploadPart, handleListMultipartUploads.
Currently there is only support for the very simple use cases, like Object PUT or GET, but not for the more advanced ones. I could do the multipart stuff after my vacation (2 weeks), but not all the others. @gaul whats your opinion?