1 files changed, 22 insertions, 6 deletions

diff --git a/weed/s3api/s3err/error_handler.go b/weed/s3api/s3err/error_handler.go
index 910dab12a..81335c489 100644
--- a/weed/s3api/s3err/error_handler.go
+++ b/weed/s3api/s3err/error_handler.go
@@ -4,13 +4,14 @@ import (
 	"bytes"
 	"encoding/xml"
 	"fmt"
-	"github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
-	"github.com/gorilla/mux"
-	"github.com/seaweedfs/seaweedfs/weed/glog"
 	"net/http"
 	"strconv"
 	"strings"
 	"time"
+
+	"github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
+	"github.com/gorilla/mux"
+	"github.com/seaweedfs/seaweedfs/weed/glog"
 )
 
 type mimeType string
@@ -76,10 +77,25 @@ func EncodeXMLResponse(response interface{}) []byte {
 func setCommonHeaders(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("x-amz-request-id", fmt.Sprintf("%d", time.Now().UnixNano()))
 	w.Header().Set("Accept-Ranges", "bytes")
+
+	// Only set static CORS headers for service-level requests, not bucket-specific requests
 	if r.Header.Get("Origin") != "" {
-		w.Header().Set("Access-Control-Allow-Origin", "*")
-		w.Header().Set("Access-Control-Expose-Headers", "*")
-		w.Header().Set("Access-Control-Allow-Credentials", "true")
+		// Use mux.Vars to detect bucket-specific requests more reliably
+		vars := mux.Vars(r)
+		bucket := vars["bucket"]
+		isBucketRequest := bucket != ""
+
+		// Only apply static CORS headers if this is NOT a bucket-specific request
+		// and no bucket-specific CORS headers were already set
+		if !isBucketRequest && w.Header().Get("Access-Control-Allow-Origin") == "" {
+			// This is a service-level request (like OPTIONS /), apply static CORS
+			w.Header().Set("Access-Control-Allow-Origin", "*")
+			w.Header().Set("Access-Control-Allow-Methods", "*")
+			w.Header().Set("Access-Control-Allow-Headers", "*")
+			w.Header().Set("Access-Control-Expose-Headers", "*")
+			w.Header().Set("Access-Control-Allow-Credentials", "true")
+		}
+		// For bucket-specific requests, let the CORS middleware handle the headers
 	}
 }