Project

General

Profile

Actions
Copy link

Fix #7043

closed

RGW CORS fixes for Access-Control-Request-Headers

Added by Robin Johnson over 10 years ago. Updated about 10 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Community (user)
Tags:
cors, rgw
Backport:
dumpling, emperor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

I was trying to use the RGW CORS support, and found that it flubbed handling of the Access-Control-Request-Headers header badly.

It was expecting Access-Control-Allow-Headers in the request where it should have taken the Access-Control-Request-Headers, and it was also validating the content in a case-sensitive manner, when the CORS standard (6.2.6) requires that headers are validated case-insensitive.

I have submitted a pull request with the fixes: https://github.com/ceph/ceph/pull/975

Should be backported to other versions if CORS is expected to work there.

Actions
Copy link
 #1

Updated by Yehuda Sadeh over 10 years ago

  • Status changed from New to 15
  • Backport set to dumpling, emperor

Merged with master, still pending on merge to dumpling, emperor.

Actions
Copy link
 #2

Updated by Yehuda Sadeh about 10 years ago

  • Status changed from 15 to Resolved

3 related commits landed dumpling at commit:fdea76ef6f7d7c4ee89c30d430f5495072023957, commit:da2267a87e37afa28385e915a566de26fd784b70, and commit:585e0e7eec1bbee60fe352166b593d53476003f8.

Actions
Copy link

Also available in: Atom PDF