CORS: Add Headers required for Range Requests

[robbi5]

Expected Behavior

Minio already supports partial requests with the Range Header - but sadly not when using CORS. For this to work Accept-Ranges and two more headers (see below) have to be added to the Access-Control-Expose-Headers Header.

Current Behavior

The Access-Control-Expose-Headers Header contains: Content-Length,Content-Type,Connection,Date,Etag,Server,X-Amz-Delete-Marker,X-Amz-Id-2,X-Amz-Request-Id,X-Amz-Version-Id
In the Chrome developer console Refused to get unsafe header "Accept-Ranges" appears.

Possible Solution

Add the following Headers to the Access-Control-Expose-Headers:

• Accept-Ranges
• Content-Range
• Content-Encoding

Context

Using pdf.js on a different domain, it tries to use partial requests for progressive loading of the document. This is only possible if the Accept-Ranges and the other two headers are included in the Access-Control-Expose-Headers.

Using Amazon S3 I could configure this with the <CORSConfiguration> like in this example:
mozilla/pdf.js#3150 (comment)

Your Environment

• Version used (minio version): 2018-03-19T19:22:06Z

[MatinF]

From what we can gather, this works now in the back end, but not the client side.
Is this something that is being resolved in a separate issue?

[harshavardhana]

Unable to understand @MatinF can you elaborate more?

[MatinF]

Sorry for being unclear - I've tried to elaborate below. If this belongs in a separate issue, I'll move it.

We're building a front-end browser application that will link up with AWS S3 and Minio S3 - similar to the Minio Browser in concept.

As part of this front-end, we wish to display some custom meta tags for our S3 objects. This can be done in AWS by exposing the custom tags via the bucket's CORS configuration. However, no similar option seems to be available for Minio.

Is it possible to add an option to expose custom meta tags in Minio, similar to AWS - or is there a simple work-around?

[harshavardhana]

Ah understood.

We don't support AWS S3 CORS API, instead we expose all headers through CORS.

Are you saying you want the ability to turn it on and off?

[MatinF]

Hi again,

I guess we're looking for a way to add a custom CORS configuration, at least adding specific custom tags. For comparison, what we're adding in our AWS bucket currently is the below.

The relevant tags are the ones starting with "x-amz-meta" below:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedMethod>DELETE</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <ExposeHeader>x-amz-meta-fw</ExposeHeader>
    <ExposeHeader>x-amz-meta-hw</ExposeHeader>
    <ExposeHeader>x-amz-meta-ssid</ExposeHeader>
    <ExposeHeader>x-amz-meta-timestamp</ExposeHeader>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>

[harshavardhana]

@MatinF understood, please open a feature request - we will let you know if its feasible for us to implement this.

[MatinF]

Clear, I will - thank you

[harshavardhana]

* GET PUT POST DELETE HEAD x-amz-meta-fw x-amz-meta-hw x-amz-meta-ssid x-amz-meta-timestamp *

For now, we expose all headers by default in CORS @MatinF so you don't need this API with MinIO.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.