From 01f956052e581d0d68a2206b05d50043e9144d02 Mon Sep 17 00:00:00 2001
From: Andrew Gaul <andrew@gaul.org>
Date: Fri, 1 Jul 2016 18:21:08 -0700
Subject: [PATCH] Add property to include permissive CORS response

References #142.
---
 src/main/java/org/gaul/s3proxy/Main.java             | 6 ++++++
 src/main/java/org/gaul/s3proxy/S3Proxy.java          | 8 +++++++-
 src/main/java/org/gaul/s3proxy/S3ProxyConstants.java | 3 +++
 src/main/java/org/gaul/s3proxy/S3ProxyHandler.java   | 9 ++++++++-
 4 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/gaul/s3proxy/Main.java b/src/main/java/org/gaul/s3proxy/Main.java
index 5e46526..df8e505 100644
--- a/src/main/java/org/gaul/s3proxy/Main.java
+++ b/src/main/java/org/gaul/s3proxy/Main.java
@@ -126,6 +126,8 @@ public final class Main {
                 S3ProxyConstants.PROPERTY_V4_MAX_NON_CHUNKED_REQUEST_SIZE);
         String ignoreUnknownHeaders = properties.getProperty(
                 S3ProxyConstants.PROPERTY_IGNORE_UNKNOWN_HEADERS);
+        String corsAllowAll = properties.getProperty(
+                S3ProxyConstants.PROPERTY_CORS_ALLOW_ALL);
 
         BlobStore blobStore = createBlobStore(properties);
 
@@ -186,6 +188,10 @@ public final class Main {
                 s3ProxyBuilder.ignoreUnknownHeaders(Boolean.parseBoolean(
                         ignoreUnknownHeaders));
             }
+            if (corsAllowAll != null) {
+                s3ProxyBuilder.corsAllowAll(Boolean.parseBoolean(
+                        corsAllowAll));
+            }
             s3Proxy = s3ProxyBuilder.build();
         } catch (IllegalArgumentException | IllegalStateException e) {
             System.err.println(e.getMessage());
diff --git a/src/main/java/org/gaul/s3proxy/S3Proxy.java b/src/main/java/org/gaul/s3proxy/S3Proxy.java
index 74f02dc..30b6e21 100644
--- a/src/main/java/org/gaul/s3proxy/S3Proxy.java
+++ b/src/main/java/org/gaul/s3proxy/S3Proxy.java
@@ -104,7 +104,7 @@ public final class S3Proxy {
         handler = new S3ProxyHandler(builder.blobStore, builder.identity,
                 builder.credential, Optional.fromNullable(builder.virtualHost),
                 builder.v4MaxNonChunkedRequestSize,
-                builder.ignoreUnknownHeaders);
+                builder.ignoreUnknownHeaders, builder.corsAllowAll);
         server.setHandler(handler);
     }
 
@@ -119,6 +119,7 @@ public final class S3Proxy {
         private String virtualHost;
         private long v4MaxNonChunkedRequestSize = 32 * 1024 * 1024;
         private boolean ignoreUnknownHeaders;
+        private boolean corsAllowAll;
 
         Builder() {
         }
@@ -174,6 +175,11 @@ public final class S3Proxy {
             this.ignoreUnknownHeaders = ignoreUnknownHeaders;
             return this;
         }
+
+        public Builder corsAllowAll(boolean corsAllowAll) {
+            this.corsAllowAll = corsAllowAll;
+            return this;
+        }
     }
 
     public static Builder builder() {
diff --git a/src/main/java/org/gaul/s3proxy/S3ProxyConstants.java b/src/main/java/org/gaul/s3proxy/S3ProxyConstants.java
index fcf43d9..d798d88 100644
--- a/src/main/java/org/gaul/s3proxy/S3ProxyConstants.java
+++ b/src/main/java/org/gaul/s3proxy/S3ProxyConstants.java
@@ -25,6 +25,9 @@ public final class S3ProxyConstants {
             "s3proxy.authorization";
     public static final String PROPERTY_IDENTITY =
             "s3proxy.identity";
+    /** When true, include "Access-Control-Allow-Origin: *" in all responses. */
+    public static final String PROPERTY_CORS_ALLOW_ALL =
+            "s3proxy.cors-allow-all";
     public static final String PROPERTY_CREDENTIAL =
             "s3proxy.credential";
     public static final String PROPERTY_IGNORE_UNKNOWN_HEADERS =
diff --git a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
index 7f86a80..df12515 100644
--- a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
+++ b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
@@ -197,6 +197,7 @@ final class S3ProxyHandler extends AbstractHandler {
     private final Optional<String> virtualHost;
     private final long v4MaxNonChunkedRequestSize;
     private final boolean ignoreUnknownHeaders;
+    private final boolean corsAllowAll;
     private final XMLOutputFactory xmlOutputFactory =
             XMLOutputFactory.newInstance();
     private BlobStoreLocator blobStoreLocator;
@@ -216,7 +217,8 @@ final class S3ProxyHandler extends AbstractHandler {
 
     S3ProxyHandler(final BlobStore blobStore, final String identity,
             final String credential, Optional<String> virtualHost,
-            long v4MaxNonChunkedRequestSize, boolean ignoreUnknownHeaders) {
+            long v4MaxNonChunkedRequestSize, boolean ignoreUnknownHeaders,
+            boolean corsAllowAll) {
         if (identity != null) {
             anonymousIdentity = false;
             blobStoreLocator = new BlobStoreLocator() {
@@ -244,6 +246,7 @@ final class S3ProxyHandler extends AbstractHandler {
         this.virtualHost = requireNonNull(virtualHost);
         this.v4MaxNonChunkedRequestSize = v4MaxNonChunkedRequestSize;
         this.ignoreUnknownHeaders = ignoreUnknownHeaders;
+        this.corsAllowAll = corsAllowAll;
         this.defaultBlobStore = blobStore;
         xmlOutputFactory.setProperty("javax.xml.stream.isRepairingNamespaces",
                 Boolean.FALSE);
@@ -1448,6 +1451,10 @@ final class S3ProxyHandler extends AbstractHandler {
 
         response.setStatus(status);
 
+        if (corsAllowAll) {
+            response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
+        }
+
         addMetadataToResponse(request, response, blob.getMetadata());
         // TODO: handles only a single range due to jclouds limitations
         Collection<String> contentRanges =