From 7ea3079e3e7b061ed4dca0395759f42f0e3ec869 Mon Sep 17 00:00:00 2001 From: Chris Rendle-Short Date: Mon, 4 Sep 2023 16:09:52 +1000 Subject: [PATCH] FIX: Update DIRECT_UPLOAD CORS ruleset to include new Amazon signing headers (#23379) New headers were added to upload PUT requests as part of a MinIO update (cf42466). This change updates the asset bucket CORS ruleset to allow the new headers in the preflight request. See https://dev.discourse.org/t/111136 Co-authored-by: Sam Saffron --- lib/s3_cors_rulesets.rb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/s3_cors_rulesets.rb b/lib/s3_cors_rulesets.rb index 91216de082c..dfd3db3d386 100644 --- a/lib/s3_cors_rulesets.rb +++ b/lib/s3_cors_rulesets.rb @@ -19,7 +19,13 @@ class S3CorsRulesets }.freeze DIRECT_UPLOAD = { - allowed_headers: %w[Authorization Content-Disposition Content-Type], + allowed_headers: %w[ + Authorization + Content-Disposition + Content-Type + X-Amz-Acl + X-Amz-Meta-Sha1-Checksum + ], expose_headers: ["ETag"], allowed_methods: %w[GET HEAD PUT], allowed_origins: ["*"],