Skip to content

Update CORS to support FileViewer#86

Merged
brent-anyscale merged 1 commit intomainfrom
bhuang/update-cors
Jan 21, 2026
Merged

Update CORS to support FileViewer#86
brent-anyscale merged 1 commit intomainfrom
bhuang/update-cors

Conversation

@brycehuang30
Copy link
Contributor

@brycehuang30 brycehuang30 commented Jan 14, 2026
edited
Loading

Changes

Added the following CORS expose headers to s3 bucket:

expose_headers  = [
              + "Accept-Ranges",
              + "Content-Length",
              + "Content-Range",
            ]

Pull request checklist

Please check if your PR fulfills the following requirements:

  • pre-commit has been run
  • Tests for the changes have been added (for bug fixes / features)
  • All tests passing
  • Docs have been reviewed and added / updated if needed (for bug fixes / features)

Test

$ terraform init && terraform validate && terraform plan
Initializing the backend...
Initializing modules...
Initializing provider plugins...
- Reusing previous version of hashicorp/aws from the dependency lock file
- Using previously-installed hashicorp/aws v6.28.0

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

var.anyscale_deploy_env
  (Required) Anyscale deploy environment. Used in resource names and tags.

  Enter a value: production

var.aws_region
  The AWS region in which all resources will be created.

  Enter a value: us-west-2


Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:


      + cors_rule {
          + allowed_headers = [
              + "*",
            ]
          + allowed_methods = [
              + "DELETE",
              + "GET",
              + "HEAD",
              + "POST",
              + "PUT",
            ]
          + allowed_origins = [
              + "https://*.anyscale.com",
            ]
          + expose_headers  = [
              + "Accept-Ranges",
              + "Content-Length",
              + "Content-Range",
            ]
            id              = null
        }
    }

  # module.all_defaults.aws_s3_bucket_public_access_block.anyscale_managed_s3_bucket[0] will be created
  + resource "aws_s3_bucket_public_access_block" "anyscale_managed_s3_bucket" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (k

      + cors_rule (known after apply)

      + grant (known after apply)

      + lifecycle_rule (known after apply)

      + logging (known after apply)

      + object_lock_configuration (known after apply)

      + replication_configuration (known after apply)

      + server_side_encryption_configuration (known after apply)

      + versioning (known after apply)

      + website (known after apply)
    }

  # module.kitchen_sink.aws_s3_bucket_cors_configuration.anyscale_managed_s3_bucket[0] will be created
  + resource "aws_s3_bucket_cors_configuration" "anyscale_managed_s3_bucket" {
      + bucket = (known after apply)
      + id     = (known after apply)
      + region = "us-west-2"

      + cors_rule {
          + allowed_headers = [

            }

          + noncurrent_version_transition {
              + noncurrent_days = 30
              + storage_class   = "STANDARD_IA"
            }
          + noncurrent_version_transition {
              + noncurrent_days = 60
              + storage_class   = "ONEZONE_IA"
            }
          + noncurrent_version_transition {
              + noncurrent_days = 90
              + storage_class   = "GLACIER"
            }
        }
    }

  # module.kitchen_sink.aws_s3_bucket_public_access_block.anyscale_managed_s3_bucket[0] will be created
  + resource "aws_s3_bucket_public_access_block" "anyscale_managed_s3_bucket" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + region                  = "us-west-2"
      + restrict_public_buckets = true
    }

  # module.kitchen_sink.aws_s3_bucket_server_side_encryption_configuration.anyscale_managed_s3_bucket[0]

  # module.kitchen_sink.aws_s3_bucket_versioning.anyscale_managed_s3_bucket[0] will be created
  + resource "aws_s3_bucket_versioning" "anyscale_managed_s3_bucket" {
      + bucket = (known after apply)
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + region                  = "us-west-2"
      + restrict_public_buckets = true
    }

  # module.kitchen_sink.aws_s3_bucket_server_side_encryption_configuration.anyscale_managed_s3_bucket[0] will be created
  + resource "aws_s3_bucket_server_side_encryption_configuration" "anyscale_managed_s3_bucket" {
      + bucket = (known after apply)
      + id     = (known after apply)
      + region = "us-west-2"

      + rule {
          + blocked_encryption_types = []
          + bucket_key_enabled       = false

          + apply_server_side_encryption_by_default {
              + sse_algorithm     = "AES256"
                # (1 unchanged attribute hidden)
            }
        }
    }

  # module.kitchen_sink.aws_s3_bucket_versioning.anyscale_managed_s3_bucket[0] will be created
  + resource "aws_s3_bucket_versioning" "anyscale_managed_s3_bucket" {
      + bucket = (known after apply)
      + id     = (known after apply)
      + region = "us-west-2"

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

Plan: 10 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + all_defaults_arn    = (known after apply)
  + all_defaults_id     = (known after apply)
  + all_defaults_region = "us-west-2"
  + kitchen_sink_arn    = (known after apply)
  + kitchen_sink_id     = (known after apply)
  + kitchen_sink_region = "us-west-2"
  + test_no_resources   = {
      + s3_bucket_arn    = ""
      + s3_bucket_id     = ""
      + s3_bucket_region = ""
    }

Pull Request Type

  • Bugfix
  • New feature
  • Refactoring (no functional changes)
  • Documentation change
  • Other (please describe):

Does this introduce a breaking change?

  • Yes
  • No

Other information

@brycehuang30 @claude
feat(s3): add expose_headers to CORS rule default
a1d670d 
Add Accept-Ranges, Content-Range, and Content-Length to the default
expose_headers in the S3 CORS configuration to support range requests.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@brycehuang30 brycehuang30 requested a review from a team as a code owner January 14, 2026 01:10
@brycehuang30 brycehuang30 marked this pull request as draft January 14, 2026 01:10
@brycehuang30 brycehuang30 changed the title update CORS Update CORS to support FileViewer Jan 14, 2026
@brycehuang30 brycehuang30 marked this pull request as ready for review January 15, 2026 22:53
@brycehuang30 brycehuang30 mentioned this pull request Jan 16, 2026
Merged
11 tasks
brent-anyscale
brent-anyscale approved these changes Jan 21, 2026
View reviewed changes
Copy link
Collaborator

@brent-anyscale brent-anyscale left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@brent-anyscale brent-anyscale merged commit 62f16c9 into main Jan 21, 2026
4 checks passed
@brent-anyscale brent-anyscale deleted the bhuang/update-cors branch January 21, 2026 01:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brent-anyscale brent-anyscale brent-anyscale approved these changes

Assignees

No one assigned

Labels

enhancement New feature or request terraform terraform-module-s3

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@brycehuang30 @brent-anyscale