1 files changed, 45 insertions, 2 deletions

diff --git a/weed/s3api/cors/cors_test.go b/weed/s3api/cors/cors_test.go
index 8494a284d..7b72ee482 100644
--- a/weed/s3api/cors/cors_test.go
+++ b/weed/s3api/cors/cors_test.go
@@ -263,6 +263,49 @@ func TestMatchesOrigin(t *testing.T) {
 			origin:         "http://other.com",
 			want:           true,
 		},
+		// HTTPS test cases
+		{
+			name:           "https exact match",
+			allowedOrigins: []string{"https://example.com"},
+			origin:         "https://example.com",
+			want:           true,
+		},
+		{
+			name:           "https no match",
+			allowedOrigins: []string{"https://example.com"},
+			origin:         "https://other.com",
+			want:           false,
+		},
+		{
+			name:           "https wildcard subdomain match",
+			allowedOrigins: []string{"https://*.example.com"},
+			origin:         "https://api.example.com",
+			want:           true,
+		},
+		{
+			name:           "https wildcard subdomain no match - base domain",
+			allowedOrigins: []string{"https://*.example.com"},
+			origin:         "https://example.com",
+			want:           false,
+		},
+		{
+			name:           "https wildcard subdomain no match - different domain",
+			allowedOrigins: []string{"https://*.example.com"},
+			origin:         "https://api.other.com",
+			want:           false,
+		},
+		{
+			name:           "protocol mismatch - http pattern https origin",
+			allowedOrigins: []string{"http://*.example.com"},
+			origin:         "https://api.example.com",
+			want:           false,
+		},
+		{
+			name:           "protocol mismatch - https pattern http origin",
+			allowedOrigins: []string{"https://*.example.com"},
+			origin:         "http://api.example.com",
+			want:           false,
+		},
 	}
 
 	for _, tt := range tests {
@@ -480,7 +523,7 @@ func TestApplyHeaders(t *testing.T) {
 				"Access-Control-Allow-Headers":  "Content-Type",
 				"Access-Control-Expose-Headers": "ETag",
 				"Access-Control-Max-Age":        "3600",
-				"Vary":        					 "Origin",
+				"Vary":                          "Origin",
 			},
 		},
 		{
@@ -494,7 +537,7 @@ func TestApplyHeaders(t *testing.T) {
 				"Access-Control-Allow-Origin":      "http://example.com",
 				"Access-Control-Allow-Methods":     "GET",
 				"Access-Control-Allow-Credentials": "true",
-				"Vary":        					    "Origin",
+				"Vary":                             "Origin",
 			},
 		},
 	}