fix: update CORS config to include write methods and wildcard headers

[v-kessler]

Changes

• Add POST, PUT, DELETE to AllowedMethods (previously read-only with GET, HEAD)
• Use wildcard (*) for AllowedHeaders instead of listing specific headers
• Update ExposeHeaders to ETag and x-amz-version-id
• Update dialog description and explanation table to reflect read+write scope

Summary by CodeRabbit

• Documentation
  • Updated CORS configuration guidance to support read and write operations for Iceberg data from object storage with expanded HTTP methods and adjusted header policies.

[coderabbitai]

Walkthrough

Updates CORS configuration guidance in the dialog component from read-only Iceberg metadata access to read/write Iceberg data operations, broadening HTTP methods, expanding headers, and adjusting cache and exposure settings accordingly.

Changes

Cohort / File(s)	Summary
CORS Configuration Dialog src/components/CorsConfigDialog.vue	Updated guidance text to reference reading and writing Iceberg data; broadened AllowedMethods from GET/HEAD to include POST/PUT/DELETE; expanded AllowedHeaders to *; narrowed ExposeHeaders to ETag and x-amz-version-id; reduced MaxAgeSeconds from 3600 to 3000; updated table explanations to reflect read/write semantics.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 Hop hop, the CORS gates now swing wide,
From reading alone to write with pride,
Headers dance free, methods multiply fast,
Iceberg data flows where metadata was cast! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly summarizes the main change: updating CORS configuration to support write methods (POST, PUT, DELETE) and using wildcard headers, which aligns with the primary objectives of the PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/cors-config-read-write

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/components/CorsConfigDialog.vue`:
- Around line 59-60: The sample and description referencing AllowedHeaders
currently imply that AllowedHeaders: * covers Authorization which is incorrect;
update the AllowedHeaders sample in CorsConfigDialog.vue (the AllowedHeaders
sample and its descriptive text) to explicitly include "Authorization" (e.g.,
list Authorization, Range, Content-Type, etc.) or else change the description to
state that Authorization is not covered by a wildcard and must be listed when
credentialed requests are used; modify the text near the AllowedHeaders sample
and the sample value itself so they are consistent.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d6fbf9f7-b5fe-463c-bac0-a3e7475b4b63

📥 Commits

Reviewing files that changed from the base of the PR and between 29d285a and f641ba4.

📒 Files selected for processing (1)

• src/components/CorsConfigDialog.vue