rgw: add cors header rule check in cors option request 19053/head
authoryuliyang <yuliyang@cmss.chinamobile.com>
Thu, 26 Oct 2017 06:35:56 +0000 (14:35 +0800)
committerShinobu Kinjo <shinobu@redhat.com>
Mon, 20 Nov 2017 20:11:14 +0000 (05:11 +0900)
fix http://tracker.ceph.com/issues/22002

Signed-off-by: yuliyang <yuliyang@cmss.chinamobile.com>
(cherry picked from commit 72e8fc52fb078fa1443e1ba5321718882969aa78)

src/rgw/rgw_op.cc

index 11fdbd4ebc3fdb95863baf710c0cd52da11a9574..312252c941351997bb27536db7e3d927fb1f312d 100644 (file)
@@ -887,6 +887,20 @@ static bool validate_cors_rule_method(RGWCORSRule *rule, const char *req_meth) {
   return true;
 }
 
+static bool validate_cors_rule_header(RGWCORSRule *rule, const char *req_hdrs) {
+  if (req_hdrs) {
+    vector<string> hdrs;
+    get_str_vec(req_hdrs, hdrs);
+    for (const auto& hdr : hdrs) {
+      if (!rule->is_header_allowed(hdr.c_str(), hdr.length())) {
+        dout(5) << "Header " << hdr << " is not registered in this rule" << dendl;
+        return false;
+      }
+    }
+  }
+  return true;
+}
+
 int RGWOp::read_bucket_cors()
 {
   bufferlist bl;
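Review bot: `get_str_vec(req_hdrs, hdrs)` in validate_cors_rule_header relies on the helper's default delimiter set, which as far as I recall is wider than the comma-and-whitespace syntax of Access-Control-Request-Headers. Naming the delimiters would make the parse match the header grammar, e.g. `get_str_vec(req_hdrs, ", \t", hdrs);`, assuming the three-argument overload is available in this tree. The `dout(5)` line writes a client-supplied token to the log verbatim, so it is worth confirming that the frontend has already rejected control characters in header values. Whether the match is case-insensitive depends on `is_header_allowed`, which is not visible here. A short comment above the function would also help: `// A null req_hdrs means the preflight named no headers, so every rule passes.`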
@@ -5075,6 +5089,11 @@ int RGWOptionsCORS::validate_cors_request(RGWCORSConfiguration *cc) {
   if (!validate_cors_rule_method(rule, req_meth)) {
     return -ENOENT;
   }
+
+  if (!validate_cors_rule_header(rule, req_hdrs)) {
+    return -ENOENT;
+  }
+
   return 0;
 }
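Review bot: The new check at the end of validate_cors_request carries no comment saying that a single unlisted name in Access-Control-Request-Headers now fails the whole preflight with -ENOENT, the same code returned for a method mismatch just above. A one-line comment would make that policy explicit to the next reader: `// any requested header the matched rule does not allow rejects the preflight`. Where `req_hdrs` is populated lies outside the hunk, as does the start of this function, so the note assumes it holds the raw Access-Control-Request-Headers value.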