Skip to content

fix(s3): Evaluate S3 CORS against incoming HTTP Requests#131

Merged
hectorvent merged 10 commits intohectorvent:mainfrom
bruderj15:fix/#72-s3-put-bucket-cors
Apr 3, 2026
Merged

fix(s3): Evaluate S3 CORS against incoming HTTP Requests#131
hectorvent merged 10 commits intohectorvent:mainfrom
bruderj15:fix/#72-s3-put-bucket-cors

Conversation

@bruderj15
Copy link
Copy Markdown
Contributor

@bruderj15 bruderj15 commented Mar 30, 2026

Summary

Closes #72

The S3 CORS configuration was stored and retrievable, but there was no mechanism to evaluate it against incoming HTTP requests. Specifically:

  • No @OPTIONS endpoint existed → JAX-RS generated a generic 200 OK with no CORS headers
  • No ContainerResponseFilter existed → actual GET/PUT/etc. responses with an Origin header also got no CORS headers

Added mentioned endpoints and filter.

Type of change

  • Bug fix (fix:)
  • New feature (feat:)
  • Breaking change (feat!: or fix!:)
  • Docs / chore

AWS Compatibility

Checklist

  • ./mvnw test passes locally
  • New or updated integration test added
  • Commit messages follow Conventional Commits

@hectorvent hectorvent added s3 bug Something isn't working labels Mar 30, 2026
@bruderj15 bruderj15 marked this pull request as ready for review March 30, 2026 16:45
Copilot AI review requested due to automatic review settings March 30, 2026 16:45
Copilot AI reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds S3 CORS enforcement to Floci by evaluating stored bucket CORS rules against incoming HTTP requests, enabling AWS-like preflight handling and CORS headers on actual S3 responses (fixes #72).

Changes:

  • Added @OPTIONS handlers in S3Controller to respond to CORS preflight requests with appropriate Access-Control-* headers.
  • Implemented CORS rule evaluation in S3Service and applied it to non-preflight responses via a JAX-RS ContainerResponseFilter.
  • Added an integration test suite covering preflight and actual-request CORS behaviors (including delete/reset scenarios).

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
src/main/java/io/github/hectorvent/floci/services/s3/S3Controller.java Adds OPTIONS preflight endpoints and constructs CORS preflight responses
src/main/java/io/github/hectorvent/floci/services/s3/S3Service.java Introduces CORS rule parsing/evaluation logic used by controller/filter
src/main/java/io/github/hectorvent/floci/services/s3/S3CorsFilter.java Adds CORS headers to non-OPTIONS S3 responses when a rule matches
src/test/java/io/github/hectorvent/floci/services/s3/S3CorsIntegrationTest.java New integration tests for S3 CORS behavior across multiple scenarios
.gitignore Ignores Zed settings and fixes the posts entry formatting

bruderj15 and others added 7 commits March 30, 2026 19:10
@bruderj15
Update src/main/java/io/github/hectorvent/floci/services/s3/S3Control…
0867437 
…ler.java

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Julian Bruder <94740838+bruderj15@users.noreply.github.com>
@bruderj15
Update src/main/java/io/github/hectorvent/floci/services/s3/S3Control…
e20ec82 
…ler.java

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Julian Bruder <94740838+bruderj15@users.noreply.github.com>
@bruderj15
Update src/main/java/io/github/hectorvent/floci/services/s3/S3Control…
0acf74a 
…ler.java

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Julian Bruder <94740838+bruderj15@users.noreply.github.com>
@bruderj15
Update src/main/java/io/github/hectorvent/floci/services/s3/S3Service…
376b6c7 
….java

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Julian Bruder <94740838+bruderj15@users.noreply.github.com>
@bruderj15
fix copilot mess
2c2845b
@bruderj15
prevent duplicate headers
4b72667
@bruderj15
respect all allowed AWS S3 wildcards for allowed origin
f0f96fd
@hectorvent
Copy link
Copy Markdown
Owner

hectorvent commented Mar 31, 2026

Hi @bruderj15,

Thanks for taking the time to contribute! We've seen your PR and will take a look soon.

To ensure this implementation stays robust, could you also open a PR in our compatibility suite at https://github.com/hectorvent/floci-compatibility-tests? This helps us validate that your changes keep working perfectly as the project evolves.

@bruderj15
Merge branch 'main' into fix/hectorvent#72-s3-put-bucket-cors
4e5db63 
Signed-off-by: Julian Bruder <94740838+bruderj15@users.noreply.github.com>
@bruderj15
Copy link
Copy Markdown
Contributor Author

bruderj15 commented Apr 2, 2026

Here we go @hectorvent: hectorvent/floci-compatibility-tests#36

@hectorvent
Copy link
Copy Markdown
Owner

hectorvent commented Apr 3, 2026

Thanks @bruderj15

@hectorvent hectorvent merged commit e78c833 into hectorvent:main Apr 3, 2026
8 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

bug Something isn't working s3 waiting-contributor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] S3 PutBucketCors config CORS headers are never applied to responses

3 participants

@bruderj15 @hectorvent