From 4a6a3f2f4a7490c460d26f1d6d555fffced88019 Mon Sep 17 00:00:00 2001
From: snoe925 <snoe925@gmail.com>
Date: Sat, 6 Mar 2021 20:30:26 -0600
Subject: [PATCH] Make CORS handling optional

If corsRules is null, construct the default rules.  Also add HEAD method for CORS

Co-authored-by: Shannon Noe <shannon.noe@drwholdings.com>
---
 .../org/gaul/s3proxy/CrossOriginResourceSharing.java     | 4 ++--
 src/main/java/org/gaul/s3proxy/S3ProxyHandler.java       | 9 +++++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java b/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java
index 4d4b6f6..88abc92 100644
--- a/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java
+++ b/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java
@@ -33,9 +33,9 @@ import com.google.common.collect.Lists;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-final class CrossOriginResourceSharing {
+final  class CrossOriginResourceSharing {
     protected static final Collection<String> SUPPORTED_METHODS =
-            ImmutableList.of("GET", "PUT", "POST");
+            ImmutableList.of("GET", "HEAD", "PUT", "POST");
 
     private static final String HEADER_VALUE_SEPARATOR = ", ";
     private static final String ALLOW_ANY_ORIGIN = "*";
diff --git a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
index 357cb17..4c36e85 100644
--- a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
+++ b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
@@ -220,8 +220,14 @@ public class S3ProxyHandler {
             AuthenticationType authenticationType, final String identity,
             final String credential, @Nullable String virtualHost,
             long maxSinglePartObjectSize, long v4MaxNonChunkedRequestSize,
-            boolean ignoreUnknownHeaders, CrossOriginResourceSharing corsRules,
+            boolean ignoreUnknownHeaders,
+            @Nullable CrossOriginResourceSharing corsRules,
             final String servicePath, int maximumTimeSkew) {
+        if (corsRules != null) {
+            this.corsRules = corsRules;
+        } else {
+            this.corsRules = new CrossOriginResourceSharing();
+        }
         if (authenticationType != AuthenticationType.NONE) {
             anonymousIdentity = false;
             blobStoreLocator = new BlobStoreLocator() {
@@ -252,7 +258,6 @@ public class S3ProxyHandler {
         this.maxSinglePartObjectSize = maxSinglePartObjectSize;
         this.v4MaxNonChunkedRequestSize = v4MaxNonChunkedRequestSize;
         this.ignoreUnknownHeaders = ignoreUnknownHeaders;
-        this.corsRules = corsRules;
         this.defaultBlobStore = blobStore;
         xmlOutputFactory.setProperty("javax.xml.stream.isRepairingNamespaces",
                 Boolean.FALSE);