Actions
Fix #7043
closedRGW CORS fixes for Access-Control-Request-Headers
Status:
Resolved
Priority:
Normal
Assignee:
-
Target version:
-
% Done:
0%
Source:
Community (user)
Tags:
cors, rgw
Backport:
dumpling, emperor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
I was trying to use the RGW CORS support, and found that it flubbed handling of the Access-Control-Request-Headers header badly.
It was expecting Access-Control-Allow-Headers in the request where it should have taken the Access-Control-Request-Headers, and it was also validating the content in a case-sensitive manner, when the CORS standard (6.2.6) requires that headers are validated case-insensitive.
I have submitted a pull request with the fixes: https://github.com/ceph/ceph/pull/975
Should be backported to other versions if CORS is expected to work there.
Actions