openstack/swift
Code Issues Proposed changes

Merge "Fix duplication for headers in Access-Control-Expose-Headers"

Browse Source
This commit is contained in:
Jenkins 2015-12-22 05:13:14 +00:00 committed by Gerrit Code Review
commit 2087dedc95
2 changed files with 54 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
swift/proxy/controllers/base.py
View File

@ -235,17 +235,17 @@ def cors_validation(func):
# - headers provided by the user in
# x-container-meta-access-control-expose-headers
if 'Access-Control-Expose-Headers' not in resp.headers:
expose_headers = [
expose_headers = set([
'cache-control', 'content-language', 'content-type',
'expires', 'last-modified', 'pragma', 'etag',
'x-timestamp', 'x-trans-id']
'x-timestamp', 'x-trans-id'])
for header in resp.headers:
if header.startswith('X-Container-Meta') or \
header.startswith('X-Object-Meta'):
expose_headers.append(header.lower())
expose_headers.add(header.lower())
if cors_info.get('expose_headers'):
expose_headers.extend(
[header_line.strip()
expose_headers = expose_headers.union(
[header_line.strip().lower()
for header_line in
cors_info['expose_headers'].split(' ')
if header_line.strip()])

53
test/unit/proxy/test_server.py
View File

@ -5847,7 +5847,9 @@ class TestObjectController(unittest.TestCase):
def stubContainerInfo(*args):
return {
'cors': {
'allow_origin': 'http://not.foo.bar'
'allow_origin': 'http://not.foo.bar',
'expose_headers': 'X-Object-Meta-Color '
'X-Object-Meta-Color-Ex'
}
}
controller.container_info = stubContainerInfo
@ -5872,14 +5874,15 @@ class TestObjectController(unittest.TestCase):
self.assertEqual('red', resp.headers['x-object-meta-color'])
# X-Super-Secret is in the response, but not "exposed"
self.assertEqual('hush', resp.headers['x-super-secret'])
self.assertTrue('access-control-expose-headers' in resp.headers)
self.assertIn('access-control-expose-headers', resp.headers)
exposed = set(
h.strip() for h in
resp.headers['access-control-expose-headers'].split(','))
expected_exposed = set(['cache-control', 'content-language',
'content-type', 'expires', 'last-modified',
'pragma', 'etag', 'x-timestamp',
'x-trans-id', 'x-object-meta-color'])
'x-trans-id', 'x-object-meta-color',
'x-object-meta-color-ex'])
self.assertEqual(expected_exposed, exposed)
controller.app.strict_cors_mode = True
@ -5891,7 +5894,49 @@ class TestObjectController(unittest.TestCase):
resp = cors_validation(objectGET)(controller, req)
self.assertEqual(200, resp.status_int)
self.assertTrue('access-control-allow-origin' not in resp.headers)
self.assertNotIn('access-control-expose-headers', resp.headers)
self.assertNotIn('access-control-allow-origin', resp.headers)
controller.app.strict_cors_mode = False
def stubContainerInfoWithAsteriskAllowOrigin(*args):
return {
'cors': {
'allow_origin': '*'
}
}
controller.container_info = \
stubContainerInfoWithAsteriskAllowOrigin
req = Request.blank(
'/v1/a/c/o.jpg',
{'REQUEST_METHOD': 'GET'},
headers={'Origin': 'http://foo.bar'})
resp = cors_validation(objectGET)(controller, req)
self.assertEqual(200, resp.status_int)
self.assertEqual('*',
resp.headers['access-control-allow-origin'])
def stubContainerInfoWithEmptyAllowOrigin(*args):
return {
'cors': {
'allow_origin': ''
}
}
controller.container_info = stubContainerInfoWithEmptyAllowOrigin
req = Request.blank(
'/v1/a/c/o.jpg',
{'REQUEST_METHOD': 'GET'},
headers={'Origin': 'http://foo.bar'})
resp = cors_validation(objectGET)(controller, req)
self.assertEqual(200, resp.status_int)
self.assertEqual('http://foo.bar',
resp.headers['access-control-allow-origin'])
def test_CORS_valid_with_obj_headers(self):
with save_globals():