From f2a5abe935cf3da0ca57e43b0b5bf2a4d381d196 Mon Sep 17 00:00:00 2001
From: chrislu <chris.lu@gmail.com>
Date: Wed, 29 Oct 2025 13:16:05 -0700
Subject: [PATCH] refactor

---
 weed/s3api/s3api_bucket_cors_handlers.go | 25 +++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/weed/s3api/s3api_bucket_cors_handlers.go b/weed/s3api/s3api_bucket_cors_handlers.go
index eab1d1d9f..6ab9693eb 100644
--- a/weed/s3api/s3api_bucket_cors_handlers.go
+++ b/weed/s3api/s3api_bucket_cors_handlers.go
@@ -45,22 +45,25 @@ func (s3a *S3ApiServer) createFallbackCORSConfig() *cors.CORSConfiguration {
 		return nil
 	}
 
+	// Default methods and headers for the fallback configuration
+	fallbackAllowedMethods := []string{"GET", "PUT", "POST", "DELETE", "HEAD"}
+	fallbackExposeHeaders := []string{
+		"ETag",
+		"Content-Length",
+		"Content-Type",
+		"Last-Modified",
+		"x-amz-request-id",
+		"x-amz-version-id",
+	}
+
 	// Create a permissive CORS rule based on global allowed origins
 	// This matches the behavior of handleCORSOriginValidation
 	rule := cors.CORSRule{
 		AllowedOrigins: s3a.option.AllowedOrigins,
-		AllowedMethods: []string{"GET", "PUT", "POST", "DELETE", "HEAD"},
+		AllowedMethods: fallbackAllowedMethods,
 		AllowedHeaders: []string{"*"},
-		// Expose common S3 headers that web applications typically need
-		ExposeHeaders: []string{
-			"ETag",
-			"Content-Length",
-			"Content-Type",
-			"Last-Modified",
-			"x-amz-request-id",
-			"x-amz-version-id",
-		},
-		MaxAgeSeconds: nil, // No max age by default
+		ExposeHeaders:  fallbackExposeHeaders,
+		MaxAgeSeconds:  nil, // No max age by default
 	}
 
 	return &cors.CORSConfiguration{