From: yuliyang <yuliyang@cmss.chinamobile.com>
Date: Thu, 26 Oct 2017 06:35:56 +0000 (+0800)
Subject: rgw: add cors header rule check in cors option request
X-Git-Tag: v13.0.1~266^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F18556%2Fhead;p=ceph.git

rgw: add cors header rule check in cors option request

fix http://tracker.ceph.com/issues/22002

Signed-off-by: yuliyang <yuliyang@cmss.chinamobile.com>
---

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index ca9a6f40f70c..1559e5fffa60 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -887,6 +887,20 @@ static bool validate_cors_rule_method(RGWCORSRule *rule, const char *req_meth) {
   return true;
 }
 
+static bool validate_cors_rule_header(RGWCORSRule *rule, const char *req_hdrs) {
+  if (req_hdrs) {
+    vector<string> hdrs;
+    get_str_vec(req_hdrs, hdrs);
+    for (const auto& hdr : hdrs) {
+      if (!rule->is_header_allowed(hdr.c_str(), hdr.length())) {
+        dout(5) << "Header " << hdr << " is not registered in this rule" << dendl;
+        return false;
+      }
+    }
+  }
+  return true;
+}
+
 int RGWOp::read_bucket_cors()
 {
   bufferlist bl;
@@ -5089,6 +5103,11 @@ int RGWOptionsCORS::validate_cors_request(RGWCORSConfiguration *cc) {
   if (!validate_cors_rule_method(rule, req_meth)) {
     return -ENOENT;
   }
+
+  if (!validate_cors_rule_header(rule, req_hdrs)) {
+    return -ENOENT;
+  }
+
   return 0;
 }