rgw: add cors header rule check in cors option request 18556/head
authoryuliyang <yuliyang@cmss.chinamobile.com>
Thu, 26 Oct 2017 06:35:56 +0000 (14:35 +0800)
committeryuliyang <yuliyang@cmss.chinamobile.com>
Sat, 4 Nov 2017 00:19:01 +0000 (08:19 +0800)
fix http://tracker.ceph.com/issues/22002

Signed-off-by: yuliyang <yuliyang@cmss.chinamobile.com>
src/rgw/rgw_op.cc

index ca9a6f40f70c506878812997c889bcd8f1149790..1559e5fffa6034c9345dbf32cf4b99f566d8b41f 100644 (file)
@@ -887,6 +887,20 @@ static bool validate_cors_rule_method(RGWCORSRule *rule, const char *req_meth) {
   return true;
 }
 
+static bool validate_cors_rule_header(RGWCORSRule *rule, const char *req_hdrs) {
+  if (req_hdrs) {
+    vector<string> hdrs;
+    get_str_vec(req_hdrs, hdrs);
+    for (const auto& hdr : hdrs) {
+      if (!rule->is_header_allowed(hdr.c_str(), hdr.length())) {
+        dout(5) << "Header " << hdr << " is not registered in this rule" << dendl;
+        return false;
+      }
+    }
+  }
+  return true;
+}
+
 int RGWOp::read_bucket_cors()
 {
   bufferlist bl;
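Review bot: The `dout(5)` message in validate_cors_rule_header prints `hdr` exactly as the client sent it, and a CORS preflight carries no credentials, so this line lets an unauthenticated caller place token text of their choosing in the RGW log. Whether control characters or very long tokens can reach this point depends on the HTTP frontend and on the delimiters get_str_vec splits on, neither of which is visible in this hunk. That is worth confirming, and if they can get through, the value should be escaped or length-bounded before it is logged. Separately, the function would benefit from a short contract comment, for example `// A request without Access-Control-Request-Headers passes; otherwise every requested header must be allowed by the rule.` The helper also dereferences `rule` without a null check, which is fine only if the caller guarantees a matched rule, as it appears to for validate_cors_rule_method.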
@@ -5089,6 +5103,11 @@ int RGWOptionsCORS::validate_cors_request(RGWCORSConfiguration *cc) {
   if (!validate_cors_rule_method(rule, req_meth)) {
     return -ENOENT;
   }
+
+  if (!validate_cors_rule_header(rule, req_hdrs)) {
+    return -ENOENT;
+  }
+
   return 0;
 }
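Review bot: The new header check returns the same `-ENOENT` as the method check directly above it, so as far as the visible lines show, the level-5 log line inside validate_cors_rule_header is the only way to tell a header rejection from a method rejection when debugging a failed preflight. A comment above the new `if`, such as `// reject the whole preflight if any requested header is not allowed by the matched rule`, would make the all-or-nothing behaviour explicit for the next reader. validate_cors_request starts outside this hunk, so where `req_hdrs` is populated, and whether it can be null or empty here, cannot be checked from these lines.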