Bug 1041618 - [RFE][swift]: Change tempauth to check X-Auth-Token in HTTP cookies in addition to headers
Summary: [RFE][swift]: Change tempauth to check X-Auth-Token in HTTP cookies in additi...
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: RFEs
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: RHOS Maint
QA Contact:
URL: https://blueprints.launchpad.net/swif...
Whiteboard: upstream_milestone_none upstream_stat...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-12-12 18:17 UTC by RHOS Integration
Modified: 2015-03-19 17:13 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-19 17:13:25 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description RHOS Integration 2013-12-12 18:17:21 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/swift/+spec/x-auth-token-in-cookies.

Description:

For Javascript/HTML based application it is not possible to send HTTP header for downloading file locally via clicking on a link. TempURL middleware requires exposure of a secret key, which is not desirable for Javascript/HTML application since source code is entirely on the client.

The proposed solution is to change tempauth to recognize "X-Auth-Token" cookie, which could be set by Javascript in the browser. Then it will be possible to download file from Swift by clicking a link.

Here is a patch for tempauth.py:

132c132
<         token = env.get('HTTP_X_AUTH_TOKEN', env.get('HTTP_X_STORAGE_TOKEN'))
---
>         token = env.get('HTTP_X_AUTH_TOKEN', env.get('HTTP_X_STORAGE_TOKEN', Request(env).cookies.get('X-Auth-Token')))


Specification URL (additional information):

None
Note You need to log in before you can comment on or make changes to this bug.