[infra] Allowlist x-client-version (#6036)

2025-05-26 09:54:07 +05:30
parent 95f10e5a45 860760784a
commit 185759d234
5 changed files with 14 additions and 14 deletions
--- a/docs/docs/self-hosting/troubleshooting/uploads.md
+++ b/docs/docs/self-hosting/troubleshooting/uploads.md
@@ -3,14 +3,14 @@ title: Uploads
 description: Fixing upload errors when trying to self host Ente
 ---

-# Troubleshooting upload failures 
+# Troubleshooting upload failures

 Here are some errors our community members frequently encountered with the
 context and potential fixes.

 Fundamentally in most situations, the problem is because of minor mistakes or
-misconfiguration. Please make sure to reverse proxy museum and MinIO API 
-endpoint to a domain and check your S3 credentials and whole configuration 
+misconfiguration. Please make sure to reverse proxy museum and MinIO API
+endpoint to a domain and check your S3 credentials and whole configuration
 file for any minor misconfigurations.

 It is also suggested that the user setups bucket CORS on MinIO or any external
@@ -21,10 +21,10 @@ this](/self-hosting/troubleshooting/bucket-cors).

 S3 is an cloud storage protocol made by Amazon (specifically AWS). S3 is designed to store
 files and data as objects inside Buckets and it is mostly used for Online
-Backups and storing different types of files. 
+Backups and storing different types of files.

-Ente's Docker setup is shipped with [MinIO](https://min.io/) as its default S3 provider. 
-MinIO supports the Amazon S3 protocol and leverages your disk storage to 
+Ente's Docker setup is shipped with [MinIO](https://min.io/) as its default S3 provider.
+MinIO supports the Amazon S3 protocol and leverages your disk storage to
 dump all the uploaded files as encrypted object blobs.

 ## 403 Forbidden
@@ -40,15 +40,15 @@ This could be because

 1.  The bucket CORS rules do not allow museum to access these objects. For
    uploading files from the browser, you will need to set `allowedOrigins` to
-    `*`, and allow the `X-Auth-Token`, `X-Client-Package` headers configuration
-    too. [Here is an example of a working
+    `*`, and allow the `X-Auth-Token`, `X-Client-Package`, `X-Client-Version`
+    headers configuration too. [Here is an example of a working
    configuration](https://github.com/ente-io/ente/discussions/1764#discussioncomment-9478204).

 2.  The credentials are not being picked up (you might be setting the correct
    credentials, but not in the place where museum reads them from).

-## Mismatch in file size 
+## Mismatch in file size

 The "Mismatch in file size" error mostly occurs in a situation where the client is re-uploading a file which is already in the bucket with a different
 file size. The reason for re-upload could be anything including network issue,
-sudden killing of app before the upload is complete and etc. 
+sudden killing of app before the upload is complete and etc.
--- a/infra/workers/files/src/index.ts
+++ b/infra/workers/files/src/index.ts
@@ -21,7 +21,7 @@ const handleOPTIONS = (request: Request) => {
        headers: {
            "Access-Control-Allow-Origin": "*",
            "Access-Control-Allow-Methods": "GET, OPTIONS",
-            "Access-Control-Allow-Headers": "X-Auth-Token, X-Client-Package",
+            "Access-Control-Allow-Headers": "X-Auth-Token, X-Client-Package, X-Client-Version",
            "Access-Control-Max-Age": "86400",
        },
    });
--- a/infra/workers/public-albums/src/index.ts
+++ b/infra/workers/public-albums/src/index.ts
@@ -22,7 +22,7 @@ const handleOPTIONS = (request: Request) => {
            "Access-Control-Allow-Origin": "*",
            "Access-Control-Allow-Methods": "GET, OPTIONS",
            "Access-Control-Allow-Headers":
-                "X-Auth-Access-Token, X-Auth-Access-Token-JWT, X-Client-Package",
+                "X-Auth-Access-Token, X-Auth-Access-Token-JWT, X-Client-Package, X-Client-Version",
            "Access-Control-Max-Age": "86400",
        },
    });
--- a/infra/workers/thumbnails/src/index.ts
+++ b/infra/workers/thumbnails/src/index.ts
@@ -21,7 +21,7 @@ const handleOPTIONS = (request: Request) => {
        headers: {
            "Access-Control-Allow-Origin": "*",
            "Access-Control-Allow-Methods": "GET, OPTIONS",
-            "Access-Control-Allow-Headers": "X-Auth-Token, X-Client-Package",
+            "Access-Control-Allow-Headers": "X-Auth-Token, X-Client-Package, X-Client-Version",
            "Access-Control-Max-Age": "86400",
        },
    });
--- a/infra/workers/uploader/src/index.ts
+++ b/infra/workers/uploader/src/index.ts
@@ -28,7 +28,7 @@ const handleOPTIONS = (request: Request) => {
            "Access-Control-Allow-Origin": "*",
            "Access-Control-Allow-Methods": "POST, PUT, OPTIONS",
            "Access-Control-Allow-Headers":
-                "Content-Type, UPLOAD-URL, X-Client-Package",
+                "Content-Type, UPLOAD-URL, X-Client-Package, X-Client-Version",
            "Access-Control-Expose-Headers": "X-Request-Id, CF-Ray",
            "Access-Control-Max-Age": "86400",
        },