Comment 12 for bug 1506116

Alistair Coles (alistair-coles) wrote :

Here are a couple more examples of how the existence or not of a container can be revealed to an unauth'd request:

With no trailing '/' on container path and web-listings=no, different response for an existing vs non-existing container:

% swift post -m 'web-listings: no ' c1
% swift post -r '' c1
% curl -X GET localhost:8080/v1/AUTH_test/c1 -is |grep HTTP
HTTP/1.1 301 Moved Permanently
% curl -X GET localhost:8080/v1/AUTH_test/nonexistent -is |grep HTTP
HTTP/1.1 401 Unauthorized

Using x-meta-web header, non-existent containers return a 404, but existing private containers with web-listings=true return a 401:

% swift post -m 'web-listings: yes ' c1
% swift post -r '' c1
% curl -X GET localhost:8080/v1/AUTH_test/c1/ -H 'x-web-mode: true' -is |grep HTTP
HTTP/1.1 401 Unauthorized
% curl -X GET localhost:8080/v1/AUTH_test/nonexistent/ -H 'x-web-mode: true' -is |grep HTTP
HTTP/1.1 404 Not Found
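
A regression check for the behaviour reported in the comment above, as an added example that is not part of the original comment or of Swift's own test suite: it parses captured `curl -is` output for an existing and a non-existent container and flags every scenario where the two unauthenticated responses differ. The function names and the third, uniform row are assumptions constructed for illustration; the first two rows use the status lines quoted in the comment.

```python
import re

# Matches the status line of any HTTP response head in `curl -is` output.
STATUS_LINE = re.compile(r"^HTTP/\d(?:\.\d)?[ \t]+(\d{3})\b", re.MULTILINE)


def final_status(curl_output: str) -> int:
    """Return the status code of the last response head in the capture.

    `curl -i` prints every head it receives (for example an interim
    100 Continue), so only the last one is the answer to the request.
    """
    codes = STATUS_LINE.findall(curl_output)
    if not codes:
        raise ValueError("no HTTP status line in captured output")
    return int(codes[-1])


def find_oracles(observations):
    """Map scenario -> (existing, nonexistent) wherever the statuses differ."""
    leaks = {}
    for scenario, existing_out, missing_out in observations:
        pair = (final_status(existing_out), final_status(missing_out))
        if pair[0] != pair[1]:
            leaks[scenario] = pair
    return leaks


# (scenario, output for existing container c1, output for 'nonexistent')
OBSERVATIONS = [
    ("no trailing slash, web-listings: no",
     "HTTP/1.1 301 Moved Permanently\r\n", "HTTP/1.1 401 Unauthorized\r\n"),
    ("x-web-mode: true, web-listings: yes",
     "HTTP/1.1 401 Unauthorized\r\n", "HTTP/1.1 404 Not Found\r\n"),
    # Constructed row: identical answers, so nothing is revealed.
    ("constructed: uniform responses",
     "HTTP/1.1 401 Unauthorized\r\n", "HTTP/1.1 401 Unauthorized\r\n"),
]

if __name__ == "__main__":
    for scenario, (existing, missing) in find_oracles(OBSERVATIONS).items():
        print(f"LEAK {scenario}: existing={existing} nonexistent={missing}")
```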