Bug #8718
closedCORS OPTIONS request fails for presigned urls
0%
Description
We are able to create a bucket and then apply a CORS configuration to the bucket. We are then able to create a pre-generated PUT url that we then send back to the client (hosted on a different domain). However, the CORS preflight (Options) request fails with 403. 403 usually signifies a signature mismatch. Against AWS our code works great. However, Ceph fails on the OPTIONS request with 403. Since the OPTIONS fails, CORS fails. We tracked it down (we think) to a possible flaw in RADOSGW in how it creates the auth header...it doesnt match the signing process used by the amazon SDK. For example:
AWS Java auth hdr that gets signed:
PUT image/jpeg 1404252781 x-amz-meta-origfile:Desert.jpg /virbsupport/78946140-4638-4338-b765-6f701c453a89?response-content-disposition=attachment; filename=Desert.jpg
And in Ceph debug logs:
OPTIONS 1404252781 /virbsupport/78946140-4638-4338-b765-6f701c453a89?response-content-disposition=attachment; filename=Desert.jpg
Obviously we are missing the Content-Type and any "x-amz-meta*" header that was supposed to be included. Those we could potentially live without and we could just not include them on the original pregenerated url. However, notice the method. RADOSGW I think should be using the "Access-Control-Request-Method" as the method in the signature...not the actual OPTIONS method being used for the preflight request.
We are running 0.80 on centos.
Updated by Sage Weil almost 10 years ago
- Priority changed from Normal to High
- Source changed from other to Community (user)
Updated by Yehuda Sadeh over 9 years ago
I pushed some fix to wip-8718. However, further investigation shows that we shouldn't even try to authenticate in a CORS preflight request.
Updated by Yehuda Sadeh over 9 years ago
- Status changed from New to Fix Under Review
- Backport set to firefly
Updated by Sage Weil over 9 years ago
- Status changed from Fix Under Review to Pending Backport
Updated by Sage Weil over 9 years ago
- Status changed from Pending Backport to Resolved
6fee71154d838868807fd9824d829c8250d9d2eb