openstack/swift
Code Issues Proposed changes
Files
34b4bf34d223c7c289dde5441e93ebfea90eade9
swift/swift/common/middleware/crossdomain.py
Richard (Rick) Hawkins 2c4bf81464 Added discoverable capabilities. 
Swift can now optionally be configured to allow requests to '/info',
providing information about the swift cluster.  Additionally a HMAC
signed requests to
'/info?swiftinfo_sig=<sign>&swiftinfo_expires=<expires>' can be
configured allowing privileged access to more sensitive information
not meant to be public.

DocImpact
Change-Id: I2379360fbfe3d9e9e8b25f1dc34517d199574495
Implements: blueprint capabilities
Closes-Bug: #1245694
2013-11-22 15:54:13 -06:00

93 lines
3.4 KiB
Python
Raw Blame History

# Copyright (c) 2013 OpenStack Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from swift.common.swob import Request, Response
from swift.common.utils import register_swift_info
class CrossDomainMiddleware(object):
"""
Cross domain middleware used to respond to requests for cross domain
policy information.
If the path is /crossdomain.xml it will respond with an xml cross domain
policy document. This allows web pages hosted elsewhere to use client
side technologies such as Flash, Java and Silverlight to interact
with the Swift API.
To enable this middleware, add it to the pipeline in your proxy-server.conf
file. It should be added before any authentication (e.g., tempauth or
keystone) middleware. In this example ellipsis (...) indicate other
middleware you may have chosen to use::
[pipeline:main]
pipeline = ... crossdomain ... authtoken ... proxy-server
And add a filter section, such as::
[filter:crossdomain]
use = egg:swift#crossdomain
cross_domain_policy = <allow-access-from domain="*.example.com" />
<allow-access-from domain="www.example.com" secure="false" />
For continuation lines, put some whitespace before the continuation
text. Ensure you put a completely blank line to terminate the
cross_domain_policy value.
The cross_domain_policy name/value is optional. If omited, the policy
defaults as if you had specified::
cross_domain_policy = <allow-access-from domain="*" secure="false" />
"""
def __init__(self, app, conf, *args, **kwargs):
self.app = app
self.conf = conf
default_domain_policy = '<allow-access-from domain="*"' \
' secure="false" />'
self.cross_domain_policy = self.conf.get('cross_domain_policy',
default_domain_policy)
def GET(self, req):
"""Returns a 200 response with cross domain policy information """
body = '<?xml version="1.0"?>\n' \
'<!DOCTYPE cross-domain-policy SYSTEM ' \
'"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd" >\n' \
'<cross-domain-policy>\n' \
'%s\n' \
'</cross-domain-policy>' % self.cross_domain_policy
return Response(request=req, body=body,
content_type="application/xml")
def __call__(self, env, start_response):
req = Request(env)
if req.path == '/crossdomain.xml' and req.method == 'GET':
return self.GET(req)(env, start_response)
else:
return self.app(env, start_response)
def filter_factory(global_conf, **local_conf):
conf = global_conf.copy()
conf.update(local_conf)
register_swift_info('crossdomain')
def crossdomain_filter(app):
return CrossDomainMiddleware(app, conf)
return crossdomain_filter
View Git Blame Copy Permalink