Remove check for valid Origin for the "actual request".

The only place in the spec that I could see the Origin being checked was during the pre-flight OPTIONS request. If it gets to the actual request let auth decide. Please correct me if this is wrong. Change-Id: Ic31b71746ec056091c7778ebff3db7becc32bd9c
2013-03-13 13:43:19 -07:00 · 2013-03-13 13:43:19 -07:00 · f6e29b81d0
commit f6e29b81d0
parent 7fd4323a69
2 changed files with 0 additions and 51 deletions
--- a/swift/proxy/controllers/base.py
+++ b/swift/proxy/controllers/base.py
@ -165,9 +165,6 @@ def cors_validation(func):
                controller.container_info(controller.account_name,
                                          controller.container_name)
            cors_info = container_info.get('cors', {})
-            if not controller.is_origin_allowed(cors_info, req_origin):
-                # invalid CORS request
-                return Response(status=HTTP_UNAUTHORIZED)

            # Call through to the decorated method
            resp = func(*a, **kw)
--- a/test/unit/proxy/test_server.py
+++ b/test/unit/proxy/test_server.py
@ -4060,30 +4060,6 @@ class TestObjectController(unittest.TestCase):
                'x-auth-token, x-foo',
                sortHeaderNames(resp.headers['access-control-allow-headers']))

-    def test_CORS_invalid_origin(self):
-        with save_globals():
-            controller = proxy_server.ObjectController(self.app, 'a', 'c', 'o')
-
-            def stubContainerInfo(*args):
-                return {
-                    'cors': {
-                        'allow_origin': 'http://baz'
-                    }
-                }
-            controller.container_info = stubContainerInfo
-
-            def objectGET(controller, req):
-                return Response()
-
-            req = Request.blank(
-                '/a/c/o.jpg',
-                {'REQUEST_METHOD': 'GET'},
-                headers={'Origin': 'http://foo.bar'})
-
-            resp = cors_validation(objectGET)(controller, req)
-
-            self.assertEquals(401, resp.status_int)
-
    def test_CORS_valid(self):
        with save_globals():
            controller = proxy_server.ObjectController(self.app, 'a', 'c', 'o')
@ -4913,30 +4889,6 @@ class TestContainerController(unittest.TestCase):
                'x-auth-token, x-foo',
                sortHeaderNames(resp.headers['access-control-allow-headers']))

-    def test_CORS_invalid_origin(self):
-        with save_globals():
-            controller = proxy_server.ContainerController(self.app, 'a', 'c')
-
-            def stubContainerInfo(*args):
-                return {
-                    'cors': {
-                        'allow_origin': 'http://baz'
-                    }
-                }
-            controller.container_info = stubContainerInfo
-
-            def containerGET(controller, req):
-                return Response()
-
-            req = Request.blank(
-                '/a/c/o.jpg',
-                {'REQUEST_METHOD': 'GET'},
-                headers={'Origin': 'http://foo.bar'})
-
-            resp = cors_validation(containerGET)(controller, req)
-
-            self.assertEquals(401, resp.status_int)
-
    def test_CORS_valid(self):
        with save_globals():
            controller = proxy_server.ContainerController(self.app, 'a', 'c')