Ask Your Question
3

Swift CORS support for tempurl middleware

asked 2014-12-01 19:56:10 -0500

bgagnon gravatar image

Does OpenStack Swift Object Storage support cross-origin PUT requests (CORS) through the temporary url system?

Scenario:

  • generate temp url to non-existing object with method PUT in the signature
  • temp url is given to web page form
  • browser performs PUT request on the temp url with some data
  • browser's CORS security kicks in automatically
  • browser performs OPTIONS request on the tempurl
  • server responds with 401 Unauthorized : Temp URL invalid

Is this supposed to work? Must we add OPTIONS to the [filter:tempurl] section of /etc/swift/proxy-server.conf?

# Note: Put tempurl before dlo, slo and your auth filter(s) in the pipeline
[filter:tempurl]
use = egg:swift#tempurl
# The methods allowed with Temp URLs.
methods = GET HEAD PUT POST DELETE

Must we add OPTIONS to the signature of the tempurl? What about the X-Container-Meta-Access-Control headers on the container?

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-04-18 10:25:16 -0500

Schillinger gravatar image

For those who arrive here via Google...

Yes, but you must create a containerwith the proper CORS headers; see http://docs.openstack.org/developer/swift/cors.html (http://docs.openstack.org/developer/s...)

E.g.

swift post corstest -H X-Container-Meta-Access-Control-Allow-Origin:* -H X-Container-Meta-Access-Control-Expose-Headers:* -v

All objects put into this container now support CORS, including for requests using tempurls. This will take care of your issues with the 401 on the OPTIONS call.

There is no need to modify the tempurl filter, nor request for the object at the tempurl.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-12-01 19:54:24 -0500

Seen: 474 times

Last updated: Dec 01 '14

Related questions

S3 API presigned URLs - supported?

swift container-sync not working

Is there any scripts available to automate swift uploading?

define swift replica count by region?

Hi! When I am executing "swift stat" command I am getting Account HEAD failed: http://controller:8080/v1/AUTH_3babe56d610847c389f89c959f74dd44 503 Service Unavailable Failed Transaction ID: tx635b33ff8b4545afae451-00589b99db

How to install/deploy swift in Openstack

503 error running multiple-server

How to backup Swift

Swift ACLs based on roles or groups

Who uses openstack swift?