commit a7af802497f3b86d33cbee852500df456c316685
Author: Christian Schwede <email address hidden>
Date: Sat Aug 29 16:03:07 2015 +0000
Do not use pre-authenticated requests in staticweb
staticweb middleware uses make_pre_authed_env; this makes it possible to
anonymously list containers without any read acl set if the metadata
"web-listings: true" is set on a container. Using make_env enforces correct
read_acl validation; however it is now also required to add ".rlistings" to the
read acl.
Also, if the staticweb middleware is put in the proxy pipeline before an
authentication middleware, it broke authenticated GET and HEAD requests. This
has some side effects in clients, because an HTML response is sent that might be
parsed wrongly by the client. In case of python-swiftclient this was shown as an
empty container without any ACL or web-listings:true meta set. This might lead
to information leaks, because a user trusts the output from python-swiftclient
and assumes an empty, private container even if the container contains publicly
readable data. staticweb now checks if "swift.authorize" is included in the
environ and skips itself if not.
Reviewed: https://review.openstack.org/227204
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=a7af802497f3b86d33cbee852500df456c316685
Submitter: Jenkins
Branch: master
Closes-Bug: 1489749
Change-Id: Icf159d7e567ac5481e710c5910db686bdcba6336
Depends-On: Ie24bb995023c377e49796910ad80a256b00daa03
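Added example, not Swift's own code: a toy model of the two behaviours the commit message describes, the "swift.authorize" guard and the difference between a pre-authenticated listing sub-request and one that is passed through the authorize callback, which is what makes ".rlistings" in the read ACL necessary. CONTAINERS, authorize and listing_decision are constructed stand-ins; the real callback takes a Request object, here it takes the environ.

```python
# Constructed container metadata: name -> (read ACL, web-listings metadata).
CONTAINERS = {
    "public": (".r:*,.rlistings", True),   # listing correctly exposed
    "leaky": ("", True),                    # web-listings set, no read ACL
}


def authorize(environ):
    """Constructed stand-in for the callback an auth middleware installs as
    environ['swift.authorize']: anonymous listing needs '.rlistings'.
    Returns None when allowed (Swift's convention), else a status string."""
    container = environ["PATH_INFO"].strip("/").split("/")[0]
    read_acl, _ = CONTAINERS.get(container, ("", False))
    acl = {e.strip() for e in read_acl.split(",") if e.strip()}
    if environ.get("REMOTE_USER") or ".rlistings" in acl:
        return None
    return "403 Forbidden"


def listing_decision(environ, pre_authed):
    """What a staticweb-like middleware does with a container listing request.
    pre_authed=True models the old make_pre_authed_env sub-request (auth is
    bypassed); False models make_env, where the sub-request is authorized."""
    if "swift.authorize" not in environ:
        return "passthrough"   # the commit's guard: no auth middleware ahead
    container = environ["PATH_INFO"].strip("/").split("/")[0]
    _, web_listings = CONTAINERS.get(container, ("", False))
    if not web_listings:
        return "passthrough"
    if not pre_authed and environ["swift.authorize"](environ) is not None:
        return "denied"
    return "html-listing"


def anon_request(container, with_auth_middleware=True):
    """Build an anonymous request environ, optionally as if an auth
    middleware earlier in the pipeline had installed its callback."""
    env = {"PATH_INFO": "/" + container}
    if with_auth_middleware:
        env["swift.authorize"] = authorize
    return env
```

With pre_authed=True the "leaky" container (web-listings set, empty read ACL) is listed anonymously, which is the behaviour the fix removes; with make_env semantics only "public", which carries ".rlistings", is listed.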