minio/cmd/crossdomain-xml-handler.go

// Copyright (c) 2015-2024 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package cmd

import "net/http"

// Standard cross domain policy information located at https://s3.amazonaws.com/crossdomain.xml
const crossDomainXML = `<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" secure="false" /></cross-domain-policy>`

// Standard path where an app would find cross domain policy information.
const crossDomainXMLEntity = "/crossdomain.xml"

// A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player
// or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
// When clients request content hosted on a particular source domain and that content make requests
// directed towards a domain other than its own, the remote domain needs to host a cross-domain
// policy file that grants access to the source domain, allowing the client to continue the transaction.
func setCrossDomainPolicyMiddleware(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		cxml := crossDomainXML
		if globalServerCtxt.CrossDomainXML != "" {
			cxml = globalServerCtxt.CrossDomainXML
		}
		// Look for 'crossdomain.xml' in the incoming request.
		if r.URL.Path == crossDomainXMLEntity {
			// Write the standard cross domain policy xml.
			w.Write([]byte(cxml))
			// Request completed, no need to serve to other handlers.
			return
		}
		h.ServeHTTP(w, r)
	})
}
implement a flag to specify custom crossdomain.xml (#19262) fixes #16909 2024-03-18 14:42:40 +08:00			`// Copyright (c) 2015-2024 MinIO, Inc.`
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-19 03:41:13 +08:00			`//`
			`// This file is part of MinIO Object Storage stack`
			`//`
			`// This program is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// This program is distributed in the hope that it will be useful`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with this program. If not, see <http://www.gnu.org/licenses/>.`
handlers: Add 'crossdomain.xml' handler. (#2305) Fixes #2301 2016-07-28 10:53:55 +08:00
server: Move all the top level files into cmd folder. (#2490) This change brings a change which was done for the 'mc' package to allow for clean repo and have a cleaner github drop in experience. 2016-08-19 07:23:42 +08:00			`package cmd`
handlers: Add 'crossdomain.xml' handler. (#2305) Fixes #2301 2016-07-28 10:53:55 +08:00
			`import "net/http"`

			`// Standard cross domain policy information located at https://s3.amazonaws.com/crossdomain.xml`
Cleanup and fixes (#3273) * newRequestID() (previously generateUploadID()) returns string than byte array. * Remove unclear comments and added appropriate comments. * SHA-256, MD5 Hash functions return Hex/Base64 encoded string than byte array. * Remove duplicate MD5 hasher functions. * Rename listObjectsValidateArgs() into validateListObjectsArgs() * Remove repeated auth check code in all bucket request handlers. * Remove abbreviated names in bucket-metadata * Avoid nested if in bucketPolicyMatchStatement() * Use ioutil.ReadFile() instead of os.Open() and ioutil.ReadAll() * Set crossDomainXML as constant. 2016-11-22 05:51:05 +08:00			const crossDomainXML = `<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" secure="false" /></cross-domain-policy>`
handlers: Add 'crossdomain.xml' handler. (#2305) Fixes #2301 2016-07-28 10:53:55 +08:00
fs: Re-implement object layer to remember the fd (#3509) This patch re-writes FS backend to support shared backend sharing locks for safe concurrent access across multiple servers. 2017-01-17 09:05:00 +08:00			`// Standard path where an app would find cross domain policy information.`
			`const crossDomainXMLEntity = "/crossdomain.xml"`

handlers: Add 'crossdomain.xml' handler. (#2305) Fixes #2301 2016-07-28 10:53:55 +08:00			`// A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player`
			`// or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.`
			`// When clients request content hosted on a particular source domain and that content make requests`
			`// directed towards a domain other than its own, the remote domain needs to host a cross-domain`
			`// policy file that grants access to the source domain, allowing the client to continue the transaction.`
fix: set request ID in tracing context key (#17602) Since `addCustomerHeaders` middleware was after the `httpTracer` middleware, the request ID was not set in the http tracing context. By reordering these middleware functions, the request ID header becomes available. We also avoid setting the tracing context key again in `newContext`. Bonus: All middleware functions are renamed with a "Middleware" suffix to avoid confusion with http Handler functions. 2023-07-08 22:31:42 +08:00			`func setCrossDomainPolicyMiddleware(h http.Handler) http.Handler {`
reduce number of middleware handlers (#13546) - combine similar looking functionalities into single handlers, and remove unnecessary proxying of the requests at handler layer. - remove bucket forwarding handler as part of default setup add it only if bucket federation is enabled. Improvements observed for 1kiB object reads. ``` ------------------- Operation: GET Operations: 4538555 -> 4595804 * Average: +1.26% (+0.2 MiB/s) throughput, +1.26% (+190.2) obj/s * Fastest: +4.67% (+0.7 MiB/s) throughput, +4.67% (+739.8) obj/s * 50% Median: +1.15% (+0.2 MiB/s) throughput, +1.15% (+173.9) obj/s ``` 2021-11-01 23:04:03 +08:00			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
implement a flag to specify custom crossdomain.xml (#19262) fixes #16909 2024-03-18 14:42:40 +08:00			`cxml := crossDomainXML`
			`if globalServerCtxt.CrossDomainXML != "" {`
			`cxml = globalServerCtxt.CrossDomainXML`
			`}`
reduce number of middleware handlers (#13546) - combine similar looking functionalities into single handlers, and remove unnecessary proxying of the requests at handler layer. - remove bucket forwarding handler as part of default setup add it only if bucket federation is enabled. Improvements observed for 1kiB object reads. ``` ------------------- Operation: GET Operations: 4538555 -> 4595804 * Average: +1.26% (+0.2 MiB/s) throughput, +1.26% (+190.2) obj/s * Fastest: +4.67% (+0.7 MiB/s) throughput, +4.67% (+739.8) obj/s * 50% Median: +1.15% (+0.2 MiB/s) throughput, +1.15% (+173.9) obj/s ``` 2021-11-01 23:04:03 +08:00			`// Look for 'crossdomain.xml' in the incoming request.`
cleanup ignored static analysis (#16767) 2023-03-07 00:56:10 +08:00			`if r.URL.Path == crossDomainXMLEntity {`
reduce number of middleware handlers (#13546) - combine similar looking functionalities into single handlers, and remove unnecessary proxying of the requests at handler layer. - remove bucket forwarding handler as part of default setup add it only if bucket federation is enabled. Improvements observed for 1kiB object reads. ``` ------------------- Operation: GET Operations: 4538555 -> 4595804 * Average: +1.26% (+0.2 MiB/s) throughput, +1.26% (+190.2) obj/s * Fastest: +4.67% (+0.7 MiB/s) throughput, +4.67% (+739.8) obj/s * 50% Median: +1.15% (+0.2 MiB/s) throughput, +1.15% (+173.9) obj/s ``` 2021-11-01 23:04:03 +08:00			`// Write the standard cross domain policy xml.`
implement a flag to specify custom crossdomain.xml (#19262) fixes #16909 2024-03-18 14:42:40 +08:00			`w.Write([]byte(cxml))`
reduce number of middleware handlers (#13546) - combine similar looking functionalities into single handlers, and remove unnecessary proxying of the requests at handler layer. - remove bucket forwarding handler as part of default setup add it only if bucket federation is enabled. Improvements observed for 1kiB object reads. ``` ------------------- Operation: GET Operations: 4538555 -> 4595804 * Average: +1.26% (+0.2 MiB/s) throughput, +1.26% (+190.2) obj/s * Fastest: +4.67% (+0.7 MiB/s) throughput, +4.67% (+739.8) obj/s * 50% Median: +1.15% (+0.2 MiB/s) throughput, +1.15% (+173.9) obj/s ``` 2021-11-01 23:04:03 +08:00			`// Request completed, no need to serve to other handlers.`
			`return`
			`}`
			`h.ServeHTTP(w, r)`
			`})`
handlers: Add 'crossdomain.xml' handler. (#2305) Fixes #2301 2016-07-28 10:53:55 +08:00			`}`