Comment 9 for bug 1489749

Emilien Macchi (emilienm) wrote :

We should consider the middleware ordering as a security issue in openstack/puppet-swift.

Draft Impact Description:

When adding the ::swift::proxy::staticweb class, the 'staticweb' middleware section will be added before the Keystone options, but the staticweb middleware needs to be put after the authentication middlewares to ensure correct functionality, as documented in
http://docs.openstack.org/developer/swift/middleware.html#staticweb

Without this, Swift sends an HTML response even if the request was done using an
X-Auth-Token. This might result in a faulty handling of the response on the client
side; for example, "swift stat containername" would report an empty, private container,
while the container might actually be publicly readable with data stored in it.

We are about to submit a patch that fixes the issue and backport it to the stable branches (Kilo, Juno and Icehouse).
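
An added example, not part of the comment above or of puppet-swift: a check that a rendered proxy-server.conf places staticweb after the authentication middleware, resolving pipeline aliases through their `[filter:...]` sections. The sample configs, alias names and function names are constructed for illustration.

```python
import configparser

# Constructed sample config (not taken from the bug report): staticweb before auth.
BAD_CONF = """
[pipeline:main]
pipeline = catch_errors healthcheck cache staticweb authtoken keystone proxy-server

[filter:staticweb]
use = egg:swift#staticweb

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory

[filter:keystone]
use = egg:swift#keystoneauth
"""
# Same config with staticweb moved after the auth middleware.
GOOD_CONF = BAD_CONF.replace("staticweb authtoken keystone",
                             "authtoken keystone staticweb")

# Entry points treated as authentication middleware in this example.
AUTH_MARKERS = ("egg:swift#keystoneauth", "egg:swift#tempauth",
                "auth_token:filter_factory")
STATICWEB_MARKER = "egg:swift#staticweb"

def _target(cp, alias):
    """Resolve a pipeline alias to the middleware its filter section loads."""
    section = "filter:" + alias
    if not cp.has_section(section):
        return ""
    return (cp.get(section, "use", fallback="")
            or cp.get(section, "paste.filter_factory", fallback=""))

def check_pipeline(conf_text):
    """Return auth aliases placed AFTER staticweb; an empty list means OK."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    names = cp.get("pipeline:main", "pipeline").split()
    targets = [_target(cp, n) for n in names]
    if STATICWEB_MARKER not in targets:
        return []  # staticweb not enabled, nothing to check
    first = targets.index(STATICWEB_MARKER)
    return [names[i] for i, t in enumerate(targets)
            if i > first and any(m in t for m in AUTH_MARKERS)]

if __name__ == "__main__":
    print("bad :", check_pipeline(BAD_CONF))
    print("good:", check_pipeline(GOOD_CONF))
```

Because the check resolves aliases to entry points, it still works when the filter sections are named differently from the middleware they load.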