Here's a couple more examples of how the existence or not of a container can be revealed to an unauth'd request:
With no trailing '/' on container path and web-listing=no, different response for an existing vs non-existing container:
% swift post -m 'web-listings: no ' c1
% swift post -r '' c1
% curl -X GET localhost:8080/v1/AUTH_test/c1 -is |grep HTTP
HTTP/1.1 301 Moved Permanently
% curl -X GET localhost:8080/v1/AUTH_test/nonexistent -is |grep HTTP
HTTP/1.1 401 Unauthorized
Using x-meta-web header, non-existent containers return a 404, but existing private containers with web-listings=true return a 401:
% swift post -m 'web-listings: yes ' c1
% swift post -r '' c1
% curl -X GET localhost:8080/v1/AUTH_test/c1/ -H 'x-web-mode: true' -is |grep HTTP
HTTP/1.1 401 Unauthorized
% curl -X GET localhost:8080/v1/AUTH_test/nonexistent/ -H 'x-web-mode: true' -is |grep HTTP
HTTP/1.1 404 Not Found
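A regression check for the two cases above, as an added example that is not part of the original comment or of Swift's own code. It parses `curl -is` output for an existing and a non-existent container and flags any case where the unauthenticated status differs. The sample responses are constructed from the status lines quoted above plus one control case, and the function names are hypothetical.

```python
import re

STATUS_RE = re.compile(r"^HTTP/\d(?:\.\d)?\s+(\d{3})\b")


def status_of(raw_head):
    """Return the first non-1xx status code found in `curl -is` output."""
    for line in raw_head.splitlines():
        m = STATUS_RE.match(line.strip())
        if m and not m.group(1).startswith("1"):
            return int(m.group(1))
    raise ValueError("no final HTTP status line found")


def find_existence_oracles(cases):
    """cases maps a label to (response for existing, response for missing).

    Returns (label, existing_status, missing_status) for every case where an
    unauthenticated client can tell the two containers apart by status code.
    """
    leaks = []
    for label, (existing_raw, missing_raw) in cases.items():
        existing, missing = status_of(existing_raw), status_of(missing_raw)
        if existing != missing:
            leaks.append((label, existing, missing))
    return leaks


# Constructed sample input: status lines as reported in the comment above,
# plus a control case showing what a uniform response looks like.
CAPTURED = {
    "no trailing slash, web-listings: no": (
        "HTTP/1.1 301 Moved Permanently\r\n",
        "HTTP/1.1 401 Unauthorized\r\n",
    ),
    "x-web-mode: true, web-listings: yes": (
        "HTTP/1.1 401 Unauthorized\r\n",
        "HTTP/1.1 404 Not Found\r\n",
    ),
    "control (constructed): uniform response": (
        "HTTP/1.1 401 Unauthorized\r\n",
        "HTTP/1.1 401 Unauthorized\r\n",
    ),
}

if __name__ == "__main__":
    for label, existing, missing in find_existence_oracles(CAPTURED):
        print(f"LEAK {label}: existing={existing} nonexistent={missing}")
```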