s3api: Allow CORS preflight requests

Code Issues Proposed changes

Unfortunately, we can't identify the user, so we can't map to an
account, so we can't respect whatever CORS metadata might be set on the
container.
As a result, the allowed origins must be configured cluster-wide. Add a
new config option, cors_preflight_allow_origin, for that; default it
to blank (ie, deny preflights from all origins, preserving existing
behavior), but allow either a comma-separated list of origins or
* (to allow all origins).
Change-Id: I985143bf03125a05792e79bc5e5f83722d6431b3
Co-Authored-By: Matthew Oliver <matt@oliver.net.au>

This commit is contained in:

Tim Burke

2020年02月27日 16:25:44 -08:00

parent 81db980690

commit 27a734c78a

7 changed files with 161 additions and 11 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

6
etc/proxy-server.conf-sample

View File

@@ -629,6 +629,12 @@ use = egg:swift#s3api

# AWS allows clock skew up to 15 mins; note that older versions of swift/swift3

# allowed at most 5 mins.

# allowable_clock_skew = 900

#

# CORS preflight requests don't contain enough information for us to

# identify the account that should be used for the real request, so

# the allowed origins must be set cluster-wide. (default: blank; all

# preflight requests will be denied)

# cors_preflight_allow_origin =

# You can override the default log routing for this filter here:

# log_name = s3api

s3api: Allow CORS preflight requests

6 etc/proxy-server.conf-sample Unescape Escape View File

6
etc/proxy-server.conf-sample

View File