diff --git a/bin/swift-temp-url b/bin/swift-temp-url
index da7595a753..1448f2601d 100755
--- a/bin/swift-temp-url
+++ b/bin/swift-temp-url
@@ -13,8 +13,7 @@ if __name__ == '__main__':
print 'Syntax: %s <method> <seconds> <path> <key>' % prog
print
print 'Where:'
- print ' <method> The method to allow, GET or PUT.'
- print ' Note: HEAD will also be allowed.'
+ print ' <method> The method to allow; GET for example.'
print ' <seconds> The number of seconds from now to allow requests.'
print ' <path> The full path to the resource.'
print ' Example: /v1/AUTH_account/c/o'
@@ -35,9 +34,6 @@ if __name__ == '__main__':
'temp_url_expires=1323482948'
exit(1)
method, seconds, path, key = argv[1:]
- if method not in ('GET', 'PUT'):
- print 'Please use either the GET or PUT method.'
- exit(1)
try:
expires = int(time() + int(seconds))
except ValueError:
diff --git a/etc/proxy-server.conf-sample b/etc/proxy-server.conf-sample
index c05a345c88..edeaabbdaf 100644
--- a/etc/proxy-server.conf-sample
+++ b/etc/proxy-server.conf-sample
@@ -282,6 +282,8 @@ use = egg:swift#staticweb
# Note: Put tempurl just before your auth filter(s) in the pipeline
[filter:tempurl]
use = egg:swift#tempurl
+# The methods allowed with Temp URLs.
+# methods = GET HEAD PUT
#
# The headers to remove from incoming requests. Simply a whitespace delimited
# list of header names and names can optionally end with '*' to indicate a
diff --git a/swift/common/middleware/tempurl.py b/swift/common/middleware/tempurl.py
index a4bd2612a5..ea2f0633c1 100644
--- a/swift/common/middleware/tempurl.py
+++ b/swift/common/middleware/tempurl.py
@@ -173,6 +173,9 @@ class TempURL(object):
#: The filter configuration dict.
self.conf = conf
+ #: The methods allowed with Temp URLs.
+ self.methods = conf.get('methods', 'GET HEAD PUT').split()
+
headers = DEFAULT_INCOMING_REMOVE_HEADERS
if 'incoming_remove_headers' in conf:
headers = conf['incoming_remove_headers']
@@ -290,14 +293,15 @@ class TempURL(object):
def _get_account(self, env):
"""
- Returns just the account for the request, if it's an object GET, PUT,
- or HEAD request; otherwise, None is returned.
+ Returns just the account for the request, if it's an object
+ request and one of the configured methods; otherwise, None is
+ returned.
:param env: The WSGI environment for the request.
:returns: Account str or None.
"""
account = None
- if env['REQUEST_METHOD'] in ('GET', 'PUT', 'HEAD'):
+ if env['REQUEST_METHOD'] in self.methods:
parts = env['PATH_INFO'].split('/', 4)
# Must be five parts, ['', 'v1', 'a', 'c', 'o'], must be a v1
# request, have account, container, and object values, and the
diff --git a/test/unit/common/middleware/test_tempurl.py b/test/unit/common/middleware/test_tempurl.py
index 6345aa6369..23e3f2900c 100644
--- a/test/unit/common/middleware/test_tempurl.py
+++ b/test/unit/common/middleware/test_tempurl.py
@@ -336,6 +336,22 @@ class TestTempURL(unittest.TestCase):
self.assertEquals(resp.status_int, 401)
self.assertTrue('Temp URL invalid' in resp.body)
+ def test_delete_allowed_with_conf(self):
+ self.tempurl.methods.append('DELETE')
+ method = 'DELETE'
+ expires = int(time() + 86400)
+ path = '/v1/a/c/o'
+ key = 'abc'
+ hmac_body = '%s\n%s\n%s' % (method, expires, path)
+ sig = hmac.new(key, hmac_body, sha1).hexdigest()
+ req = self._make_request(path,
+ environ={'REQUEST_METHOD': 'DELETE',
+ 'QUERY_STRING':
+ 'temp_url_sig=%s&temp_url_expires=%s' % (sig, expires)})
+ req.environ['swift.cache'].set('temp-url-key/a', key)
+ resp = req.get_response(self.tempurl)
+ self.assertEquals(resp.status_int, 404)
+
def test_unknown_not_allowed(self):
method = 'UNKNOWN'
expires = int(time() + 86400)