Expected Behavior

I have this piece of code that I have been using for a few years now (with both S3 and Minio):

const fileExists = async (url: string): Promise<boolean> => {
  const response = await fetch(url, { method: 'HEAD' })
  return response.status !== 403
}

Returns true if the file exists.

I use it to check if a video exists in my Minio public bucket before playing it in a <video> tag.

Current Behavior

It still worked 2 weeks ago but one of the 3 latest releases (2024-05-10, 05-07 or 05-01) broke it, it now returns a CORS error. Even when the file exists (status 200). I tried in both the latest Chrome and Safari.

Here is the error in the console:

Access to fetch at 'xxx.mp4' from origin 'yyy' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. 
If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I guess the resources had the 'Access-Control-Allow-Origin' header with * attached to them before but not anymore. I read the changes in https://github.com/minio/minio/releases and can't find what could have changed this behavior. I can't find either if there is a bucket setting to put the header back on the resources.

Regression

Yes
Most recent version (2024-05-10)

Please share the entire code, so that we can reproduce it locally. Right now there is no way for me to do that.

Closing this issue until a reproducer is shared.