github.com/minio/minio@v0.0.0-20240328213742-3f72439b8a27/cmd/crossdomain-xml-handler.go

github.com/minio/minio@v0.0.0-20240328213742-3f72439b8a27/cmd/crossdomain-xml-handler.go (about)

     1  // Copyright (c) 2015-2024 MinIO, Inc.
     2  //
     3  // This file is part of MinIO Object Storage stack
     4  //
     5  // This program is free software: you can redistribute it and/or modify
     6  // it under the terms of the GNU Affero General Public License as published by
     7  // the Free Software Foundation, either version 3 of the License, or
     8  // (at your option) any later version.
     9  //
    10  // This program is distributed in the hope that it will be useful
    11  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    12  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13  // GNU Affero General Public License for more details.
    14  //
    15  // You should have received a copy of the GNU Affero General Public License
    16  // along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17  
    18  package cmd
    19  
    20  import "net/http"
    21  
    22  // Standard cross domain policy information located at https://s3.amazonaws.com/crossdomain.xml
    23  const crossDomainXML = `<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" secure="false" /></cross-domain-policy>`
    24  
    25  // Standard path where an app would find cross domain policy information.
    26  const crossDomainXMLEntity = "/crossdomain.xml"
    27  
    28  // A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player
    29  // or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
    30  // When clients request content hosted on a particular source domain and that content make requests
    31  // directed towards a domain other than its own, the remote domain needs to host a cross-domain
    32  // policy file that grants access to the source domain, allowing the client to continue the transaction.
    33  func setCrossDomainPolicyMiddleware(h http.Handler) http.Handler {
    34  	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    35  		cxml := crossDomainXML
    36  		if globalServerCtxt.CrossDomainXML != "" {
    37  			cxml = globalServerCtxt.CrossDomainXML
    38  		}
    39  		// Look for 'crossdomain.xml' in the incoming request.
    40  		if r.URL.Path == crossDomainXMLEntity {
    41  			// Write the standard cross domain policy xml.
    42  			w.Write([]byte(cxml))
    43  			// Request completed, no need to serve to other handlers.
    44  			return
    45  		}
    46  		h.ServeHTTP(w, r)
    47  	})
    48  }