diff options
| author | Chris Lu <chrislusf@users.noreply.github.com> | 2025-12-13 14:33:46 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-12-13 14:33:46 -0800 |
| commit | f70cd054043bb6327b6b0f3b9e54a1f6d502d2a2 (patch) | |
| tree | 57e471700f29c40eaa37161f056b5d811d49aec5 /weed/s3api/s3_bucket_encryption.go | |
| parent | f77e6ed2d4bb228187c492b9e5c04ba09362b0a6 (diff) | |
| download | seaweedfs-f70cd054043bb6327b6b0f3b9e54a1f6d502d2a2.tar.xz seaweedfs-f70cd054043bb6327b6b0f3b9e54a1f6d502d2a2.zip | |
fix: CORS wildcard subdomain matching cache race condition (#7736)
test: add HTTPS test cases for CORS wildcard subdomain matching
This adds comprehensive test coverage for HTTPS subdomain wildcard matching
in TestMatchesOrigin:
- https exact match
- https no match
- https wildcard subdomain match
- https wildcard subdomain no match (base domain)
- https wildcard subdomain no match (different domain)
- protocol mismatch tests (http pattern vs https origin and vice versa)
The matchWildcard function was already working correctly - this just adds
test coverage for the HTTPS cases that were previously untested.
Note: The cache invalidation is already handled synchronously by
setBucketMetadata() which is called via:
- UpdateBucketCORS -> UpdateBucketMetadata -> setBucketMetadata
- ClearBucketCORS -> UpdateBucketMetadata -> setBucketMetadata
Added clarifying comments to document this call chain.
Diffstat (limited to 'weed/s3api/s3_bucket_encryption.go')
| -rw-r--r-- | weed/s3api/s3_bucket_encryption.go | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/weed/s3api/s3_bucket_encryption.go b/weed/s3api/s3_bucket_encryption.go index 0d54c2cd5..cc9a0220f 100644 --- a/weed/s3api/s3_bucket_encryption.go +++ b/weed/s3api/s3_bucket_encryption.go @@ -218,13 +218,14 @@ func (s3a *S3ApiServer) getEncryptionConfiguration(bucket string) (*s3_pb.Encryp // updateEncryptionConfiguration updates the encryption configuration for a bucket func (s3a *S3ApiServer) updateEncryptionConfiguration(bucket string, encryptionConfig *s3_pb.EncryptionConfiguration) s3err.ErrorCode { // Update using structured API + // Note: UpdateBucketEncryption -> UpdateBucketMetadata -> setBucketMetadata + // already invalidates the cache synchronously after successful update err := s3a.UpdateBucketEncryption(bucket, encryptionConfig) if err != nil { glog.Errorf("updateEncryptionConfiguration: failed to update encryption config for bucket %s: %v", bucket, err) return s3err.ErrInternalError } - // Cache will be updated automatically via metadata subscription return s3err.ErrNone } @@ -242,13 +243,14 @@ func (s3a *S3ApiServer) removeEncryptionConfiguration(bucket string) s3err.Error } // Update using structured API + // Note: ClearBucketEncryption -> UpdateBucketMetadata -> setBucketMetadata + // already invalidates the cache synchronously after successful update err = s3a.ClearBucketEncryption(bucket) if err != nil { glog.Errorf("removeEncryptionConfiguration: failed to remove encryption config for bucket %s: %v", bucket, err) return s3err.ErrInternalError } - // Cache will be updated automatically via metadata subscription return s3err.ErrNone } |