2302281 – [7.1z backport] [CEE]CORS ACL's prevents access to buckets with presigned PUT URI's

Bug 2302281 - [7.1z backport] [CEE]CORS ACL's prevents access to buckets with presigned PUT URI's

Summary: [7.1z backport] [CEE]CORS ACL's prevents access to buckets with presigned PUT...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW
Sub Component:
Version:	7.1
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Target Release:	7.1z2
Assignee:	Matt Benjamin (redhat)
QA Contact:	Hemanth Sai
Docs Contact:
URL:
Whiteboard:
Depends On:	2299642
Blocks:
TreeView+	depends on / blocked

Reported:	2024-08-01 16:23 UTC by Matt Benjamin (redhat)
Modified:	2025-06-01 04:25 UTC (History)
CC List:	9 users (show)
Fixed In Version:	ceph-18.2.1-235.el9cp
Doc Type:	Bug Fix
Doc Text:	Previously, a change in processing of HTTP option requests containing CORS changed the implied AWSv4 request signature calculation for some pre-signed URLs when authentication was done through Keystone EC2 (implies Swift S3 emulation). As a result, the properly constructed pre-signed HTTP PUT urls failed unexpectedly with a 403/Access Denied error. With this fix, a new workflow for CORS HTTP options is introduced for the Keystone EC2 case and the pre-signed URLs are not unexpectedly denied.
Clone Of:	2299642
Environment:
Last Closed:	2024-11-07 14:39:36 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHCEPH-9452	None	None	None	2024-08-01 16:23:49 UTC
Red Hat Knowledge Base (Solution)	7084669	None	None	None	2024-08-28 18:01:20 UTC
Red Hat Product Errata	RHBA-2024:9010	None	None	None	2024-11-07 14:39:40 UTC

Description Matt Benjamin (redhat) 2024-08-01 16:23:25 UTC

+++ This bug was initially created as a clone of Bug #2299642 +++

Comment 3 Manny 2024-08-28 18:01:20 UTC

Please see KCS Article #7084669, (https://access.redhat.com/solutions/7084669) regarding this issue.

BR
Manny

Comment 10 errata-xmlrpc 2024-11-07 14:39:36 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 7.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:9010

Comment 11 Red Hat Bugzilla 2025-06-01 04:25:02 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days

Note You need to log in before you can comment on or make changes to this bug.