<div style="text-align: right; margin-right: 10%;">Piero Molino, Yaroslav Dudin, and Sai Sumanth Miryala - <strong>Uber</strong> <a href="https://eng.uber.com/ludwig-v0-2/" target="_blank"><small>(ref)</small></a></div>

---

# CORS (Cross-Origin Resource Sharing) { #cors-cross-origin-resource-sharing }

<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS" class="external-link" target="_blank">CORS or "Cross-Origin Resource Sharing"</a> refers to the situations when a frontend running in a browser has JavaScript code that communicates with a backend, and the backend is in a different "origin" than the frontend.

## Origin { #origin }

        assertEquals(0, mockResponse.getStatus());
    }

    // Test with valid Origin and CorsHandler found (PUT request)
    public void test_doFilter_withCorsHandler_put() throws IOException, ServletException {
        String origin = "http://example.com";
        mockRequest.setHeader("Origin", origin);
        mockRequest.setMethod("PUT");
        TestCorsHandler handler = new TestCorsHandler();

        String origin = "https://example.com";
        TestCorsHandler handler1 = new TestCorsHandler("handler1");
        TestCorsHandler handler2 = new TestCorsHandler("handler2");

        // Execute
        corsHandlerFactory.add(origin, handler1);
        corsHandlerFactory.add(origin, handler2);

        // Verify - should have the latest handler
        CorsHandler result = corsHandlerFactory.get(origin);

            corsHandler.process(origin, request, response);

            assertTrue("process should be called for origin: " + origin, processCalled);
            assertEquals(origin, processOrigin);

            List<String> originHeaders = responseHeaders.get("Access-Control-Allow-Origin");
            assertNotNull("Headers should be set for origin: " + origin, originHeaders);

          git reset origin/master --hard

          ./gradlew wrapper --gradle-version=nightly
          ./gradlew wrapper

          if ! git diff --quiet; then
            ./gradlew -v
            VERSION=$(./gradlew -v | grep "Gradle" | cut -d' ' -f2)
            git add .
            git commit -m "Update Gradle wrapper to $VERSION"
            git push --force origin devprod/upgrade-to-latest-wrapper

* callback hell: callback hell (do not translate to "infierno de callbacks")
* tip: Consejo (do not translate to "tip")
* check: Revisa (do not translate to "chequea" or "comprobación)
* Cross-Origin Resource Sharing: Cross-Origin Resource Sharing (do not translate to "Compartición de Recursos de Origen Cruzado")
* Release Notes: Release Notes (do not translate to "Notas de la Versión")

But if you have custom headers that you want a client in a browser to be able to see, you need to add them to your CORS configurations ([CORS (Cross-Origin Resource Sharing)](cors.md){.internal-link target=_blank}) using the parameter `expose_headers` documented in <a href="https://www.starlette.io/middleware/#corsmiddleware" class="external-link" target="_blank">Starlette's CORS docs</a>.

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if origin := w.Header().Get("Access-Control-Allow-Origin"); origin == "null" {
			// This is a workaround change to ensure that "Origin: null"
			// incoming request to a response back as "*" instead of "null"
			w.Header().Set("Access-Control-Allow-Origin", "*")
		}
		if globalDNSConfig == nil || !globalBucketFederation ||

    "Accept-Ranges": "bytes",
    "Content-Length": "0",
    "ETag": "9fe7a344ef4227d3e53751e9d88ce41e",
    "Server": "MinIO",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Vary": "Origin,Accept-Encoding",
    "X-Amz-Id-2": "dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8",
    "X-Amz-Request-Id": "17CDC1F4D7E69123",
    "X-Content-Type-Options": "nosniff",