Fix #7043
closedRGW CORS fixes for Access-Control-Request-Headers
0%
Description
I was trying to use the RGW CORS support, and found that it flubbed handling of the Access-Control-Request-Headers header badly.
It was expecting Access-Control-Allow-Headers in the request where it should have taken the Access-Control-Request-Headers, and it was also validating the content in a case-sensitive manner, when the CORS standard (6.2.6) requires that headers are validated case-insensitive.
I have submitted a pull request with the fixes: https://github.com/ceph/ceph/pull/975
Should be backported to other versions if CORS is expected to work there.
Updated by Yehuda Sadeh over 10 years ago
- Status changed from New to 15
- Backport set to dumpling, emperor
Merged with master, still pending on merge to dumpling, emperor.
Updated by Yehuda Sadeh about 10 years ago
- Status changed from 15 to Resolved
3 related commits landed dumpling at commit:fdea76ef6f7d7c4ee89c30d430f5495072023957, commit:da2267a87e37afa28385e915a566de26fd784b70, and commit:585e0e7eec1bbee60fe352166b593d53476003f8.