Comment 7 for bug 1685798
Revision history for this message
| Tim Burke (1-tim-z) wrote Re: Swift tempurl middleware reveals signatures in the logfiles | #7 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0f7b58d
(Get the code!)
-1
The short-circuiting around OPTIONS requests [1] makes me nervous. If you've got a web app that uses tempurls, won't we still log the sig in the CORS pre-flight request? Similar concerns around the check for disallowed headers [2] -- and at that point, we *know* the sig is valid.
[1] https:/
[2] https:/