s3api: Allow CORS preflight requests

Unfortunately, we can't identify the user, so we can't map to an account, so we can't respect whatever CORS metadata might be set on the container. As a result, the allowed origins must be configured cluster-wide. Add a new config option, cors_preflight_allow_origin, for that; default it to blank (ie, deny preflights from all origins, preserving existing behavior), but allow either a comma-separated list of origins or * (to allow all origins). Change-Id: I985143bf03125a05792e79bc5e5f83722d6431b3 Co-Authored-By: Matthew Oliver <matt@oliver.net.au>
author: Tim Burke <tim.burke@gmail.com> 2020-02-27 16:25:44 -0800
committer: Tim Burke <tim.burke@gmail.com> 2021-03-15 13:52:05 -0700
commit: 27a734c78aabdbf04977a01039004e471feae30c (patch)
tree: 8e1e595317dc41502078a1beeab27ec121c67936 /docker
parent: 81db9806901a83f4d0016446cdc48e700ab6e788 (diff)
download: swift-27a734c78aabdbf04977a01039004e471feae30c.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/docker/rootfs/etc/swift/proxy-server.conf b/docker/rootfs/etc/swift/proxy-server.conf
index a964f1520..8189cb7f2 100644
--- a/docker/rootfs/etc/swift/proxy-server.conf
+++ b/docker/rootfs/etc/swift/proxy-server.conf
@@ -82,6 +82,7 @@ use = egg:swift#symlink
 # To enable, add the s3api middleware to the pipeline before tempauth
 [filter:s3api]
 use = egg:swift#s3api
+cors_preflight_allow_origin = *
 
 # Example to create root secret: `openssl rand -base64 32`
 [filter:keymaster]
author	Tim Burke <tim.burke@gmail.com>	2020-02-27 16:25:44 -0800
committer	Tim Burke <tim.burke@gmail.com>	2021-03-15 13:52:05 -0700
commit	27a734c78aabdbf04977a01039004e471feae30c (patch)
tree	8e1e595317dc41502078a1beeab27ec121c67936 /docker
parent	81db9806901a83f4d0016446cdc48e700ab6e788 (diff)
download	swift-27a734c78aabdbf04977a01039004e471feae30c.tar.gz