git.apps.os.sepia.ceph.com Git

author	Wido den Hollander <wido@42on.com>
	Tue, 5 Apr 2016 09:14:16 +0000 (11:14 +0200)
committer	Wido den Hollander <wido@42on.com>
	Sun, 3 Jul 2016 09:10:55 +0000 (11:10 +0200)
commit	ed4ca7c92cdf7404754dab6f9d58c64b647136c5
tree	6082ee02c323cd6af6952e35647783bd95c96f72	tree \| snapshot
parent	dac65d048919f701877de96d3271131853e532ed	commit \| diff

rgw: Set Access-Control-Allow-Origin to a Asterisk if allowed in a rule

Before this patch the RGW would respond with the Origin send by the client in the request
if a wildcard/asterisk was specified as a valid Origin.

This patch makes sure we respond with a header like this:

Access-Control-Allow-Origin: *

This way a resource can be used on different Origins by the same browser and that browser
will use the content as the asterisk.

We also keep in mind that when Authorization is send by the client different rules apply.
In the case of Authorization we may not respond with an Asterisk, but we do have to
add the Vary header with 'Origin' as a value to let the browser know that for different
Origins it has to perform a new request.

More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

Fixes: #15348
Signed-off-by: Wido den Hollander <wido@42on.com>
(cherry picked from commit 0021e224480c7164330eaa7cc1078bb8795169bf)

Conflicts:
src/rgw/rgw_rest.cc
hammer still uses s->cio->print() where master uses STREAM_IO(s)->print()

src/rgw/rgw_cors.cc		diff \| blob \| history
src/rgw/rgw_cors.h		diff \| blob \| history
src/rgw/rgw_op.cc		diff \| blob \| history
src/rgw/rgw_rest.cc		diff \| blob \| history