openstack/swift
Code Issues Proposed changes

Merge "Remove check for valid Origin for the "actual request"."

Browse Source
This commit is contained in:
Jenkins 2013-03-14 11:29:17 +00:00 committed by Gerrit Code Review
commit b115356af6
2 changed files with 0 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
swift/proxy/controllers/base.py
View File

@ -165,9 +165,6 @@ def cors_validation(func):
controller.container_info(controller.account_name, controller.container_info(controller.account_name,
controller.container_name) controller.container_name)
cors_info = container_info.get('cors', {}) cors_info = container_info.get('cors', {})
if not controller.is_origin_allowed(cors_info, req_origin):
# invalid CORS request
return Response(status=HTTP_UNAUTHORIZED)
# Call through to the decorated method # Call through to the decorated method
resp = func(*a, **kw) resp = func(*a, **kw)

48
test/unit/proxy/test_server.py
View File

@ -4086,30 +4086,6 @@ class TestObjectController(unittest.TestCase):
'x-auth-token, x-foo', 'x-auth-token, x-foo',
sortHeaderNames(resp.headers['access-control-allow-headers'])) sortHeaderNames(resp.headers['access-control-allow-headers']))
def test_CORS_invalid_origin(self):
with save_globals():
controller = proxy_server.ObjectController(self.app, 'a', 'c', 'o')
def stubContainerInfo(*args):
return {
'cors': {
'allow_origin': 'http://baz'
}
}
controller.container_info = stubContainerInfo
def objectGET(controller, req):
return Response()
req = Request.blank(
'/a/c/o.jpg',
{'REQUEST_METHOD': 'GET'},
headers={'Origin': 'http://foo.bar'})
resp = cors_validation(objectGET)(controller, req)
self.assertEquals(401, resp.status_int)
def test_CORS_valid(self): def test_CORS_valid(self):
with save_globals(): with save_globals():
controller = proxy_server.ObjectController(self.app, 'a', 'c', 'o') controller = proxy_server.ObjectController(self.app, 'a', 'c', 'o')
@ -4939,30 +4915,6 @@ class TestContainerController(unittest.TestCase):
'x-auth-token, x-foo', 'x-auth-token, x-foo',
sortHeaderNames(resp.headers['access-control-allow-headers'])) sortHeaderNames(resp.headers['access-control-allow-headers']))
def test_CORS_invalid_origin(self):
with save_globals():
controller = proxy_server.ContainerController(self.app, 'a', 'c')
def stubContainerInfo(*args):
return {
'cors': {
'allow_origin': 'http://baz'
}
}
controller.container_info = stubContainerInfo
def containerGET(controller, req):
return Response()
req = Request.blank(
'/a/c/o.jpg',
{'REQUEST_METHOD': 'GET'},
headers={'Origin': 'http://foo.bar'})
resp = cors_validation(containerGET)(controller, req)
self.assertEquals(401, resp.status_int)
def test_CORS_valid(self): def test_CORS_valid(self):
with save_globals(): with save_globals():
controller = proxy_server.ContainerController(self.app, 'a', 'c') controller = proxy_server.ContainerController(self.app, 'a', 'c')