From c4a2313f4540c4512454788d4d4a3f330d5f65d3 Mon Sep 17 00:00:00 2001
From: Samuel Merritt
Date: Thu, 20 Mar 2014 18:53:54 -0700
Subject: [PATCH] Block X-Backend* in gatekeeper

By moving the blocking to gatekeeper from the proxy server, we gain the ability to pass X-Backend headers in via InternalClient while still keeping real clients from using them. I wanted this functionality while working on storage policies; I had an InternalClient and wanted to tell it to use a specific policy index instead of what the container said, and that seemed like a good time for an X-Backend header.
Change-Id: I4089e980d3cfca660365c7df799723b1f16ba277
---
 swift/common/middleware/gatekeeper.py | 3 ++-
 swift/proxy/server.py | 5 -----
 test/unit/common/middleware/test_gatekeeper.py | 9 +++++++--
 3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/swift/common/middleware/gatekeeper.py b/swift/common/middleware/gatekeeper.py
index f645d1dd5e..5e680d0e27 100644
--- a/swift/common/middleware/gatekeeper.py
+++ b/swift/common/middleware/gatekeeper.py
@@ -45,7 +45,8 @@ import re
 # rather than prefix match.
 inbound_exclusions = [get_sys_meta_prefix('account'),
 get_sys_meta_prefix('container'),
- get_sys_meta_prefix('object')]
+ get_sys_meta_prefix('object'),
+ 'x-backend']
 # 'x-object-sysmeta' is reserved in anticipation of future support
 # for system metadata being applied to objects
diff --git a/swift/proxy/server.py b/swift/proxy/server.py
index 5b4a5b7b2d..f6af6e63c8 100644
--- a/swift/proxy/server.py
+++ b/swift/proxy/server.py
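Review bot: The new `'x-backend'` entry in `inbound_exclusions` becomes the only place where client-supplied X-Backend-* headers are removed, because this commit also deletes the strip loop from `swift/proxy/server.py`, and nothing next to the list records that. A pipeline that omits gatekeeper, or that places a middleware trusting X-Backend-* to its left, would now let those headers through; a comment above the entry such as `# x-backend-* is reserved for backend-to-backend traffic; gatekeeper is the only filter that strips it from client requests` would make the dependency visible. The entry also has no trailing hyphen, so if the list is applied as a prefix pattern (as the comment at the top of the hunk suggests) it matches more than the removed `HTTP_X_BACKEND_` check did; `'x-backend-'` would keep the two equivalent. The list's consumer lies outside the hunk, so the exact matching rule should be confirmed there.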
@@ -264,11 +264,6 @@ class Application(object):
 try:
 if self.memcache is None:
 self.memcache = cache_from_env(env)
- # Remove any x-backend-* headers since those are reserved for use
- # by backends communicating with each other; no end user should be
- # able to send those into the cluster.
- for key in list(k for k in env if k.startswith('HTTP_X_BACKEND_')):
- del env[key]
 req = self.update_request(Request(env))
 return self.handle_request(req)(env, start_response)
 except UnicodeError:
diff --git a/test/unit/common/middleware/test_gatekeeper.py b/test/unit/common/middleware/test_gatekeeper.py
index 0220eca911..846baecb76 100644
--- a/test/unit/common/middleware/test_gatekeeper.py
+++ b/test/unit/common/middleware/test_gatekeeper.py
@@ -68,8 +68,13 @@ class TestGatekeeper(unittest.TestCase):
 'X-Container-Sysmeta-BAR': 'value',
 'X-Object-Sysmeta-BAR': 'value'}
- forbidden_headers_out = dict(sysmeta_headers)
- forbidden_headers_in = dict(sysmeta_headers)
+ x_backend_headers = {'X-Backend-Replication': 'true',
+ 'X-Backend-Replication-Headers': 'stuff'}
+
+ forbidden_headers_out = dict(sysmeta_headers.items() +
+ x_backend_headers.items())
+ forbidden_headers_in = dict(sysmeta_headers.items() +
+ x_backend_headers.items())
 def _assertHeadersEqual(self, expected, actual):
 for key in expected:
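Review bot: `x_backend_headers` holds only two canonically cased names, so nothing pins how the bare `'x-backend'` exclusion treats differently cased names or names that start with `X-Backend` without a following hyphen. Adding an entry such as `'x-backend-foo': 'value'` to the dict would make the intended match explicit now that gatekeeper is the only filter for these headers. The two identical `dict(sysmeta_headers.items() + x_backend_headers.items())` expressions also rely on `items()` returning lists; `dict(sysmeta_headers, **x_backend_headers)` built once and copied avoids that. The class body continues outside the hunk, so the tests that consume these dicts are not visible here.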