diff options
| author | Chris Lu <chrislusf@users.noreply.github.com> | 2025-12-13 14:33:46 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-12-13 14:33:46 -0800 |
| commit | f70cd054043bb6327b6b0f3b9e54a1f6d502d2a2 (patch) | |
| tree | 57e471700f29c40eaa37161f056b5d811d49aec5 /weed/s3api/cors/cors_test.go | |
| parent | f77e6ed2d4bb228187c492b9e5c04ba09362b0a6 (diff) | |
| download | seaweedfs-f70cd054043bb6327b6b0f3b9e54a1f6d502d2a2.tar.xz seaweedfs-f70cd054043bb6327b6b0f3b9e54a1f6d502d2a2.zip | |
fix: CORS wildcard subdomain matching cache race condition (#7736)
test: add HTTPS test cases for CORS wildcard subdomain matching
This adds comprehensive test coverage for HTTPS subdomain wildcard matching
in TestMatchesOrigin:
- https exact match
- https no match
- https wildcard subdomain match
- https wildcard subdomain no match (base domain)
- https wildcard subdomain no match (different domain)
- protocol mismatch tests (http pattern vs https origin and vice versa)
The matchWildcard function was already working correctly - this just adds
test coverage for the HTTPS cases that were previously untested.
Note: The cache invalidation is already handled synchronously by
setBucketMetadata() which is called via:
- UpdateBucketCORS -> UpdateBucketMetadata -> setBucketMetadata
- ClearBucketCORS -> UpdateBucketMetadata -> setBucketMetadata
Added clarifying comments to document this call chain.
Diffstat (limited to 'weed/s3api/cors/cors_test.go')
| -rw-r--r-- | weed/s3api/cors/cors_test.go | 47 |
1 files changed, 45 insertions, 2 deletions
diff --git a/weed/s3api/cors/cors_test.go b/weed/s3api/cors/cors_test.go index 8494a284d..7b72ee482 100644 --- a/weed/s3api/cors/cors_test.go +++ b/weed/s3api/cors/cors_test.go @@ -263,6 +263,49 @@ func TestMatchesOrigin(t *testing.T) { origin: "http://other.com", want: true, }, + // HTTPS test cases + { + name: "https exact match", + allowedOrigins: []string{"https://example.com"}, + origin: "https://example.com", + want: true, + }, + { + name: "https no match", + allowedOrigins: []string{"https://example.com"}, + origin: "https://other.com", + want: false, + }, + { + name: "https wildcard subdomain match", + allowedOrigins: []string{"https://*.example.com"}, + origin: "https://api.example.com", + want: true, + }, + { + name: "https wildcard subdomain no match - base domain", + allowedOrigins: []string{"https://*.example.com"}, + origin: "https://example.com", + want: false, + }, + { + name: "https wildcard subdomain no match - different domain", + allowedOrigins: []string{"https://*.example.com"}, + origin: "https://api.other.com", + want: false, + }, + { + name: "protocol mismatch - http pattern https origin", + allowedOrigins: []string{"http://*.example.com"}, + origin: "https://api.example.com", + want: false, + }, + { + name: "protocol mismatch - https pattern http origin", + allowedOrigins: []string{"https://*.example.com"}, + origin: "http://api.example.com", + want: false, + }, } for _, tt := range tests { @@ -480,7 +523,7 @@ func TestApplyHeaders(t *testing.T) { "Access-Control-Allow-Headers": "Content-Type", "Access-Control-Expose-Headers": "ETag", "Access-Control-Max-Age": "3600", - "Vary": "Origin", + "Vary": "Origin", }, }, { @@ -494,7 +537,7 @@ func TestApplyHeaders(t *testing.T) { "Access-Control-Allow-Origin": "http://example.com", "Access-Control-Allow-Methods": "GET", "Access-Control-Allow-Credentials": "true", - "Vary": "Origin", + "Vary": "Origin", }, }, } |