-rw-r--r--weed/s3api/cors/cors.go4
-rw-r--r--weed/s3api/cors/cors_test.go2
2 files changed, 6 insertions, 0 deletions
diff --git a/weed/s3api/cors/cors.go b/weed/s3api/cors/cors.go
index d6eb520af..ac9e7cca3 100644
--- a/weed/s3api/cors/cors.go
+++ b/weed/s3api/cors/cors.go
@@ -361,6 +361,10 @@ func ApplyHeaders(w http.ResponseWriter, corsResp *CORSResponse) {
if corsResp.AllowOrigin != "" {
w.Header().Set("Access-Control-Allow-Origin", corsResp.AllowOrigin)
+
+ if corsResp.AllowOrigin != "*" {
+ w.Header().Add("Vary", "Origin")
+ }
}
if corsResp.AllowMethods != "" {
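Review bot: `Vary: Origin` is added only inside the `corsResp.AllowOrigin != ""` branch, so a response for an Origin that matched no rule would carry neither CORS headers nor `Vary`, assuming AllowOrigin is left empty in that case. A shared cache could then store that response and replay it to an allowed origin, where the browser will block it. If the bucket rules are origin-specific, the header should be emitted on that path too, which probably has to happen in the caller, since ApplyHeaders cannot tell from corsResp alone. The new branch also deserves a why-comment such as `// Vary: Origin stops caches from reusing a response whose Access-Control-Allow-Origin was computed for another origin`. ApplyHeaders starts and continues outside this hunk.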
diff --git a/weed/s3api/cors/cors_test.go b/weed/s3api/cors/cors_test.go
index 1b5c54028..8494a284d 100644
--- a/weed/s3api/cors/cors_test.go
+++ b/weed/s3api/cors/cors_test.go
@@ -480,6 +480,7 @@ func TestApplyHeaders(t *testing.T) {
"Access-Control-Allow-Headers": "Content-Type",
"Access-Control-Expose-Headers": "ETag",
"Access-Control-Max-Age": "3600",
+ "Vary": "Origin",
},
},
{
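Review bot: Both updated expectations (this case and the one in the following hunk) cover only the branch where `Vary: Origin` is added; nothing visible asserts that the header is absent when `AllowOrigin` is `"*"`. If TestApplyHeaders has no wildcard case elsewhere, add one and check absence explicitly, e.g. `if got := w.Header().Get("Vary"); got != "" { t.Errorf("unexpected Vary %q", got) }` (recorder name assumed). A loop over the expected map alone would not notice an extra header. The test table and its assertion loop lie outside these hunks.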
@@ -493,6 +494,7 @@ func TestApplyHeaders(t *testing.T) {
"Access-Control-Allow-Origin": "http://example.com",
"Access-Control-Allow-Methods": "GET",
"Access-Control-Allow-Credentials": "true",
+ "Vary": "Origin",
},
},
}