| 2016-01-29 23:05:54 |
clayg |
bug |
|
|
added bug |
| 2016-01-29 23:09:12 |
clayg |
description |
tempurl adds a Content-Disposition header for you to notate that an object should be downloaded instead of displayed inline
I'm guessing this is *not* what you want most of the time (since it mainly only matters in browsers, and browsers are better at we are at doing the right thing based on the content-type) - but nevertheless - it's always been this way [1]
The really *bad* part of this behavior is that we only do it to GETs. If you make a HEAD request (say via -I with curl) you have *no idea* that the headers are different between a tempurl request and a x-auth-token request.
I'm pretty sure HTTP says you're not supposed do different things for HEAD than you would do with GET wrt to the headers and status etc [2]
I think we just need to change the explicit check of `method == 'GET'` to a `method in ('GET', 'HEAD')` and then write a unittest and shit it! [3]
1. 7fc1721d was hard to find because of great extract all the middleware fiasco of '12
2. https://tools.ietf.org/html/rfc2616#section-9.4
3. https://github.com/openstack/swift/blob/a507d686d29825832f1760db6ab909ba6eb778d5/swift/common/middleware/tempurl.py#L402 |
tempurl adds a Content-Disposition header for you to notate that an object should be downloaded instead of displayed inline
I'm guessing this is *not* what you want most of the time (since it mainly only matters in browsers, and browsers are better at we are at doing the right thing based on the content-type) - but nevertheless - it's always been this way [1]
The really *bad* part of this behavior is that we only do it to GETs. If you make a HEAD request (say via -I with curl) you have *no idea* that the headers are different between a tempurl request and a x-auth-token request.
I'm pretty sure HTTP says you're not supposed do different things for HEAD than you would do with GET wrt to the headers and status etc [2]
I think we just need to change the explicit check of `method == 'GET'` to a `method in ('GET', 'HEAD')` and then write a unittest and ship it! [3]
1. 7fc1721d was hard to find because of great extract all the middleware fiasco of '12
2. https://tools.ietf.org/html/rfc2616#section-9.4
3. https://github.com/openstack/swift/blob/a507d686d29825832f1760db6ab909ba6eb778d5/swift/common/middleware/tempurl.py#L402 |
|
| 2016-01-30 03:43:18 |
clayg |
description |
tempurl adds a Content-Disposition header for you to notate that an object should be downloaded instead of displayed inline
I'm guessing this is *not* what you want most of the time (since it mainly only matters in browsers, and browsers are better at we are at doing the right thing based on the content-type) - but nevertheless - it's always been this way [1]
The really *bad* part of this behavior is that we only do it to GETs. If you make a HEAD request (say via -I with curl) you have *no idea* that the headers are different between a tempurl request and a x-auth-token request.
I'm pretty sure HTTP says you're not supposed do different things for HEAD than you would do with GET wrt to the headers and status etc [2]
I think we just need to change the explicit check of `method == 'GET'` to a `method in ('GET', 'HEAD')` and then write a unittest and ship it! [3]
1. 7fc1721d was hard to find because of great extract all the middleware fiasco of '12
2. https://tools.ietf.org/html/rfc2616#section-9.4
3. https://github.com/openstack/swift/blob/a507d686d29825832f1760db6ab909ba6eb778d5/swift/common/middleware/tempurl.py#L402 |
tempurl adds a Content-Disposition header for you to notate that an object should be downloaded instead of displayed inline
I'm guessing this is *not* what you want most of the time (since it mainly only matters in browsers, and browsers are better than we are at doing the right thing based on the content-type) - but nevertheless - it's always been this way [1]
The really *bad* part of this behavior is that we only do it to GETs. If you make a HEAD request (say via -I with curl) you have *no idea* that the headers are different between a tempurl request and a x-auth-token request.
I'm pretty sure HTTP says you're not supposed do different things for HEAD than you would do with GET wrt to the headers and status etc [2]
I think we just need to change the explicit check of `method == 'GET'` to a `method in ('GET', 'HEAD')` and then write a unittest and ship it! [3]
1. 7fc1721d was hard to find because of the great extract all the middleware fiasco of '12
2. https://tools.ietf.org/html/rfc2616#section-9.4
3. https://github.com/openstack/swift/blob/a507d686d29825832f1760db6ab909ba6eb778d5/swift/common/middleware/tempurl.py#L402 |
|
| 2016-03-16 03:46:00 |
David Liu |
swift: assignee |
|
David Liu (lzbj) |
|
| 2016-03-24 08:17:12 |
OpenStack Infra |
swift: status |
New |
In Progress |
|
| 2016-03-24 22:19:27 |
OpenStack Infra |
swift: status |
In Progress |
Fix Released |
|
| 2016-03-31 15:45:40 |
OpenStack Infra |
tags |
low-hanging-fruit |
in-feature-crypto low-hanging-fruit |
|
| 2016-05-31 23:39:30 |
OpenStack Infra |
tags |
in-feature-crypto low-hanging-fruit |
in-feature-crypto in-feature-hummingbird low-hanging-fruit |
|
