fix: JS caching via Access-Control-Expose-Headers (#8984)

This fix safelists additional headers allowing JS running on websites to read them when IPFS resource is downloaded via Fetch API. These headers provide metadata necessary for making smart caching decisions when IPFS resources are downloaded via Service Worker or a similar middleware on the edge. (cherry picked from commit 650bc24)
ipfs · Jun 8, 2022 · bbe8c20 · bbe8c20
1 parent 65481bb
commit bbe8c20
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/core/corehttp/gateway.go b/core/corehttp/gateway.go
@@ -84,9 +84,12 @@ func GatewayOption(writable bool, paths ...string) ServeOption {
 
 		headers[ACEHeadersName] = cleanHeaderSet(
 			append([]string{
+				"Content-Length",
 				"Content-Range",
 				"X-Chunked-Output",
 				"X-Stream-Output",
+				"X-Ipfs-Path",
+				"X-Ipfs-Roots",
 			}, headers[ACEHeadersName]...))
 
 		var gateway http.Handler = newGatewayHandler(GatewayConfig{

diff --git a/test/sharness/t0112-gateway-cors.sh b/test/sharness/t0112-gateway-cors.sh
@@ -26,7 +26,10 @@ test_expect_success "GET response for Gateway resource looks good" '
   grep "< Access-Control-Allow-Origin: \*" curl_output &&
   grep "< Access-Control-Allow-Methods: GET" curl_output &&
   grep "< Access-Control-Allow-Headers: Range" curl_output &&
-  grep "< Access-Control-Expose-Headers: Content-Range" curl_output
+  grep "< Access-Control-Expose-Headers: Content-Range" curl_output &&
+  grep "< Access-Control-Expose-Headers: Content-Length" curl_output &&
+  grep "< Access-Control-Expose-Headers: X-Ipfs-Path" curl_output &&
+  grep "< Access-Control-Expose-Headers: X-Ipfs-Roots" curl_output
 '
 
 # HTTP OPTIONS Request
@@ -40,7 +43,10 @@ test_expect_success "OPTIONS response for Gateway resource looks good" '
   grep "< Access-Control-Allow-Origin: \*" curl_output &&
   grep "< Access-Control-Allow-Methods: GET" curl_output &&
   grep "< Access-Control-Allow-Headers: Range" curl_output &&
-  grep "< Access-Control-Expose-Headers: Content-Range" curl_output
+  grep "< Access-Control-Expose-Headers: Content-Range" curl_output &&
+  grep "< Access-Control-Expose-Headers: Content-Length" curl_output &&
+  grep "< Access-Control-Expose-Headers: X-Ipfs-Path" curl_output &&
+  grep "< Access-Control-Expose-Headers: X-Ipfs-Roots" curl_output
 '
 
 test_kill_ipfs_daemon
@@ -63,6 +69,9 @@ test_expect_success "Access-Control-Allow-Headers extends" '
   grep "< Access-Control-Allow-Headers: Range" curl_output &&
   grep "< Access-Control-Allow-Headers: X-Custom1" curl_output &&
   grep "< Access-Control-Expose-Headers: Content-Range" curl_output &&
+  grep "< Access-Control-Expose-Headers: Content-Length" curl_output &&
+  grep "< Access-Control-Expose-Headers: X-Ipfs-Path" curl_output &&
+  grep "< Access-Control-Expose-Headers: X-Ipfs-Roots" curl_output &&
   grep "< Access-Control-Expose-Headers: X-Custom2" curl_output
 '