82101a36d3
According to the HTTP spec, a HEAD request should return the same status and headers as the GET request (including content-type and content-length). The HEAD request simply strips out the body and returns no body. Any case where HEAD routing returned a different status code than GET, now returns the same status and headers. Any case where HEAD was supported where GET was not supported now supports both GET and HEAD. The wsgi.render_response code now handles HEAD appropriately and will maintain headers while enforcing no body data is returned. The bulk of this change is to support the same behavior between deploying Keystone under eventlet and under HTTPD + mod_wsgi. In the case of deploying under HTTPD + mod_wsgi, there are cases where mod_wsgi will turn a HEAD request into a GET request to ensure that the proper response is rendered. With these changes all HEAD responses will respond in the same manner under either eventlet or mod_wsgi. Change-Id: I13ce159cbe9739d4bf5d321fc4bd069245f32734 Closes-Bug: #1334368
60 lines
2.6 KiB
Python
60 lines
2.6 KiB
Python
# Copyright 2012 OpenStack Foundation
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
from keystone.common import wsgi
|
|
from keystone.token import controllers
|
|
|
|
|
|
class Router(wsgi.ComposableRouter):
|
|
def add_routes(self, mapper):
|
|
token_controller = controllers.Auth()
|
|
mapper.connect('/tokens',
|
|
controller=token_controller,
|
|
action='authenticate',
|
|
conditions=dict(method=['POST']))
|
|
mapper.connect('/tokens/revoked',
|
|
controller=token_controller,
|
|
action='revocation_list',
|
|
conditions=dict(method=['GET']))
|
|
mapper.connect('/tokens/{token_id}',
|
|
controller=token_controller,
|
|
action='validate_token',
|
|
conditions=dict(method=['GET']))
|
|
# NOTE(morganfainberg): For policy enforcement reasons, the
|
|
# ``validate_token_head`` method is still used for HEAD requests.
|
|
# The controller method makes the same call as the validate_token
|
|
# call and lets wsgi.render_response remove the body data.
|
|
mapper.connect('/tokens/{token_id}',
|
|
controller=token_controller,
|
|
action='validate_token_head',
|
|
conditions=dict(method=['HEAD']))
|
|
mapper.connect('/tokens/{token_id}',
|
|
controller=token_controller,
|
|
action='delete_token',
|
|
conditions=dict(method=['DELETE']))
|
|
mapper.connect('/tokens/{token_id}/endpoints',
|
|
controller=token_controller,
|
|
action='endpoints',
|
|
conditions=dict(method=['GET']))
|
|
|
|
# Certificates used to verify auth tokens
|
|
mapper.connect('/certificates/ca',
|
|
controller=token_controller,
|
|
action='ca_cert',
|
|
conditions=dict(method=['GET']))
|
|
|
|
mapper.connect('/certificates/signing',
|
|
controller=token_controller,
|
|
action='signing_cert',
|
|
conditions=dict(method=['GET']))
|