From 7ea3079e3e7b061ed4dca0395759f42f0e3ec869 Mon Sep 17 00:00:00 2001
From: Chris Rendle-Short <chris@killred.net>
Date: Mon, 4 Sep 2023 16:09:52 +1000
Subject: [PATCH] FIX: Update DIRECT_UPLOAD CORS ruleset to include new Amazon
 signing headers (#23379)

New headers were added to upload PUT requests as part of a MinIO update (cf42466). This change updates the asset bucket CORS ruleset to allow the new headers in the preflight request.

See https://dev.discourse.org/t/111136



Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
---
 lib/s3_cors_rulesets.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/s3_cors_rulesets.rb b/lib/s3_cors_rulesets.rb
index 91216de082c..dfd3db3d386 100644
--- a/lib/s3_cors_rulesets.rb
+++ b/lib/s3_cors_rulesets.rb
@@ -19,7 +19,13 @@ class S3CorsRulesets
   }.freeze
 
   DIRECT_UPLOAD = {
-    allowed_headers: %w[Authorization Content-Disposition Content-Type],
+    allowed_headers: %w[
+      Authorization
+      Content-Disposition
+      Content-Type
+      X-Amz-Acl
+      X-Amz-Meta-Sha1-Checksum
+    ],
     expose_headers: ["ETag"],
     allowed_methods: %w[GET HEAD PUT],
     allowed_origins: ["*"],