OpenStack Object Storage (swift)

  1. Bug #1506116
  2. Comment #13

Comment 13 for bug 1506116

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to swift (master)

Reviewed: https://review.openstack.org/248867
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=75ab3cb78862647644af7eaf5e0fb590e73ae341
Submitter: Jenkins
Branch: master

commit 75ab3cb78862647644af7eaf5e0fb590e73ae341
Author: Alistair Coles <email address hidden>
Date: Wed Oct 14 15:49:35 2015 +0100

    Stop staticweb revealing container existence to unauth'd requests

    When a container has `X-Container-Meta-Web-Listings: false` then
    staticweb will return a 404 in response to a GET or HEAD on the
    container, regardless of whether the request is auth'd. That provides
    a way to probe for container existence. It should return a 401 if the
    request is not auth'd.

    This patch adds a call to swift.authorize before returning the 404.

    Closes-Bug: 1506116
    Change-Id: I382323b49dc8f6d67bf4494db7084a860a10db59