Merge "Remove check for valid Origin for the "actual request"."

2013-03-14 11:29:17 +00:00 · 2013-03-14 11:29:17 +00:00 · b115356af6
commit b115356af6
parent 8e58c9c2a9 f6e29b81d0
2 changed files with 0 additions and 51 deletions
--- a/swift/proxy/controllers/base.py
+++ b/swift/proxy/controllers/base.py
@ -165,9 +165,6 @@ def cors_validation(func):
                controller.container_info(controller.account_name,
                                          controller.container_name)
            cors_info = container_info.get('cors', {})
-            if not controller.is_origin_allowed(cors_info, req_origin):
-                # invalid CORS request
-                return Response(status=HTTP_UNAUTHORIZED)

            # Call through to the decorated method
            resp = func(*a, **kw)
--- a/test/unit/proxy/test_server.py
+++ b/test/unit/proxy/test_server.py
@ -4086,30 +4086,6 @@ class TestObjectController(unittest.TestCase):
                'x-auth-token, x-foo',
                sortHeaderNames(resp.headers['access-control-allow-headers']))

-    def test_CORS_invalid_origin(self):
-        with save_globals():
-            controller = proxy_server.ObjectController(self.app, 'a', 'c', 'o')
-
-            def stubContainerInfo(*args):
-                return {
-                    'cors': {
-                        'allow_origin': 'http://baz'
-                    }
-                }
-            controller.container_info = stubContainerInfo
-
-            def objectGET(controller, req):
-                return Response()
-
-            req = Request.blank(
-                '/a/c/o.jpg',
-                {'REQUEST_METHOD': 'GET'},
-                headers={'Origin': 'http://foo.bar'})
-
-            resp = cors_validation(objectGET)(controller, req)
-
-            self.assertEquals(401, resp.status_int)
-
    def test_CORS_valid(self):
        with save_globals():
            controller = proxy_server.ObjectController(self.app, 'a', 'c', 'o')
@ -4939,30 +4915,6 @@ class TestContainerController(unittest.TestCase):
                'x-auth-token, x-foo',
                sortHeaderNames(resp.headers['access-control-allow-headers']))

-    def test_CORS_invalid_origin(self):
-        with save_globals():
-            controller = proxy_server.ContainerController(self.app, 'a', 'c')
-
-            def stubContainerInfo(*args):
-                return {
-                    'cors': {
-                        'allow_origin': 'http://baz'
-                    }
-                }
-            controller.container_info = stubContainerInfo
-
-            def containerGET(controller, req):
-                return Response()
-
-            req = Request.blank(
-                '/a/c/o.jpg',
-                {'REQUEST_METHOD': 'GET'},
-                headers={'Origin': 'http://foo.bar'})
-
-            resp = cors_validation(containerGET)(controller, req)
-
-            self.assertEquals(401, resp.status_int)
-
    def test_CORS_valid(self):
        with save_globals():
            controller = proxy_server.ContainerController(self.app, 'a', 'c')