TempAuth and CORS is not working

Bug #1418530 reported by Rixn
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Object Storage (swift)
Confirmed
Low
Unassigned

Bug Description

Ubuntu - Swift All In One

tried set the `cors_allow_origin` in the proxy server config file, but still not work.

Test CORS Page:
Account:User<br><input id="user" type="text" size="32" value="test:tester"><br><br>
Password<br><input id="password" type="text" size="32" value="testing"><br><br>
Auth URL<br><input id="auth_url" size="64" type="text" value="http://101.xxx.xx.48:38580/auth/v1.0"><br><br>
<input id="getToken" type="button" value="Submit">
<pre id="auth_response_message" style="color: red"></pre>

<script>
$(function(){
         $("#getToken").click(function () {
          document.getElementById('token').value = null;
          document.getElementById('auth_response_message').textContent = null;

          var user = document.getElementById('user').value;
          var password = document.getElementById('password').value;
          var auth_url = document.getElementById('auth_url').value;

          var request = new XMLHttpRequest();

          request.onreadystatechange = function (oEvent) {
              if (request.readyState == 4) {
                  if (request.status == 200) {
                      document.getElementById('token').value = request.getResponseHeader('X-Auth-Token');
                      document.getElementById('url').value = request.getResponseHeader('X-Storage-Url') + '/[container/object name here]';
                  } else {
                      document.getElementById('auth_response_message').textContent = request.statusText || "Problem authenticating";
                  }
              }
          }

          request.open('GET', auth_url);
          request.setRequestHeader('X-Auth-User', user);
          request.setRequestHeader('X-Auth-Key', password);
          request.send(null);
      });
     });
<script>

Browser console log:
XMLHttpRequest cannot load http://101.xxx.xx.48:38580/auth/v1.0. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access. The response had HTTP status code 400.

Tags: cors tempauth
Rixn (n-xir)
description: updated
Revision history for this message
Janie Richling (jrichli) wrote :

Did you issue a preflight request with X-Container-Meta-Access-Control-Allow-Origin specified?

Revision history for this message
Tim Burke (1-tim-z) wrote :

Sure enough: cors_allow_origin gets used by the OPTIONS handler in proxy/controllers/base.py [1], while the only OPTIONS handling in tempauth is down in the authorize callback [2]. Tempauth really needs to know how to respond to CORS requests, probably around [3].

[1] https://github.com/openstack/swift/blob/2.15.1/swift/proxy/controllers/base.py#L1908
[2] https://github.com/openstack/swift/blob/2.15.1/swift/common/middleware/tempauth.py#L587-L590
[3] https://github.com/openstack/swift/blob/2.15.1/swift/common/middleware/tempauth.py#L686-L687

Changed in swift:
status: New → Confirmed
importance: Undecided → Low
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.