The short-circuiting around OPTIONS requests [1] makes me nervous. If you've got a web app that uses tempurls, won't we still log the sig in the CORS pre-flight request? Similar concerns around the check for disallowed headers [2] -- and at that point, we *know* the sig is valid.
-1
The short-circuiting around OPTIONS requests [1] makes me nervous. If you've got a web app that uses tempurls, won't we still log the sig in the CORS pre-flight request? Similar concerns around the check for disallowed headers [2] -- and at that point, we *know* the sig is valid.
[1] https:/ /github. com/openstack/ swift/blob/ 2.13.0/ swift/common/ middleware/ tempurl. py#L395- L396 /github. com/openstack/ swift/blob/ 2.13.0/ swift/common/ middleware/ tempurl. py#L445
[2] https:/