Actions
Bug #20797
closedrgw: putting X-Object-Manifest via TempURL should be prohibited
% Done:
0%
Source:
Development
Tags:
Backport:
luminous mimic nautilus
Regression:
No
Severity:
3 - minor
Reviewed:
Description
test.functional.test_tempurl:TestTempURLPrefix.test_PUT_manifest_access of Swift's functional tests enforces that.
It seems RadosGW lacks this check even in Hammer. Traffic dump made on quite recent master:
###### T 127.0.0.1:58976 -> 127.0.0.1:8000 [AP] PUT /v1/AUTH_test/713f16de3c1c4f03b9c52ec57ffd1c2f/004f0bcd1e17405797685b2178d1fa2d?temp_url_prefix=004f&temp_url_expires=1501256279&temp_url_sig=ac9a0e60b29705a645b092ad203973b625b2555a HTTP/1.1. Host: 127.0.0.1:8000. Accept-Encoding: identity. Content-Length: 0. x-object-manifest: some_random_container/foo. Content-Type: application/octet-stream. . #### T 127.0.0.1:8000 -> 127.0.0.1:58976 [AP] HTTP/1.1 201 Created. etag: d41d8cd98f00b204e9800998ecf8427e. Last-Modified: Thu, 27 Jul 2017 15:38:00 GMT. X-Trans-Id: tx0000000000000000000ab-00597a08d7-1112-default. X-Openstack-Request-Id: tx0000000000000000000ab-00597a08d7-1112-default. Content-Type: text/plain; charset=utf-8. Content-Length: 0. Date: Thu, 27 Jul 2017 15:38:00 GMT. .
Actions