From cec1a358541e84a0417edf5967616129ee98c043 Mon Sep 17 00:00:00 2001
From: chrislu <chris.lu@gmail.com>
Date: Wed, 29 Oct 2025 12:34:17 -0700
Subject: [PATCH] expose aws headers

---
 weed/s3api/s3api_bucket_cors_handlers.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/weed/s3api/s3api_bucket_cors_handlers.go b/weed/s3api/s3api_bucket_cors_handlers.go
index 58f91b0ee..eab1d1d9f 100644
--- a/weed/s3api/s3api_bucket_cors_handlers.go
+++ b/weed/s3api/s3api_bucket_cors_handlers.go
@@ -51,8 +51,16 @@ func (s3a *S3ApiServer) createFallbackCORSConfig() *cors.CORSConfiguration {
 		AllowedOrigins: s3a.option.AllowedOrigins,
 		AllowedMethods: []string{"GET", "PUT", "POST", "DELETE", "HEAD"},
 		AllowedHeaders: []string{"*"},
-		ExposeHeaders:  []string{"ETag", "Content-Length", "Content-Type"},
-		MaxAgeSeconds:  nil, // No max age by default
+		// Expose common S3 headers that web applications typically need
+		ExposeHeaders: []string{
+			"ETag",
+			"Content-Length",
+			"Content-Type",
+			"Last-Modified",
+			"x-amz-request-id",
+			"x-amz-version-id",
+		},
+		MaxAgeSeconds: nil, // No max age by default
 	}
 
 	return &cors.CORSConfiguration{