commit 75ab3cb78862647644af7eaf5e0fb590e73ae341
Author: Alistair Coles <email address hidden>
Date: Wed Oct 14 15:49:35 2015 +0100
Stop staticweb revealing container existence to unauth'd requests
When a container has `X-Container-Meta-Web-Listings: false` then
staticweb will return a 404 in response to a GET or HEAD on the
container, regardless of whether the request is auth'd. That provides
a way to probe for container existence. It should return a 401 if the
request is not auth'd.
This patch adds a call to swift.authorize before returning the 404.
Reviewed: https:/ /review. openstack. org/248867 /git.openstack. org/cgit/ openstack/ swift/commit/ ?id=75ab3cb7886 2647644af7eaf5e 0fb590e73ae341
Committed: https:/
Submitter: Jenkins
Branch: master
commit 75ab3cb78862647 644af7eaf5e0fb5 90e73ae341
Author: Alistair Coles <email address hidden>
Date: Wed Oct 14 15:49:35 2015 +0100
Stop staticweb revealing container existence to unauth'd requests
When a container has `X-Container- Meta-Web- Listings: false` then
staticweb will return a 404 in response to a GET or HEAD on the
container, regardless of whether the request is auth'd. That provides
a way to probe for container existence. It should return a 401 if the
request is not auth'd.
This patch adds a call to swift.authorize before returning the 404.
Closes-Bug: 1506116 d67bf4494db7084 a860a10db59
Change-Id: I382323b49dc8f6