def setUpClass(cls):
super(FormPostTest, cls).setUpClass()
cls.key_cache_time = (
cls.objectstorage_api_config.tempurl_key_cache_time)
cls.tempurl_key = cls.behaviors.VALID_TEMPURL_KEY
cls.object_name = cls.behaviors.VALID_OBJECT_NAME
cls.object_data = cls.behaviors.VALID_OBJECT_DATA
cls.content_length = str(len(cls.behaviors.VALID_OBJECT_DATA))
cls.http_client = HTTPClient()
cls.redirect_url = "http://example.com/form_post_test"
def setUpClass(cls):
super(TempUrl, cls).setUpClass()
cls.key_cache_time = (
cls.objectstorage_api_config.tempurl_key_cache_time)
cls.http = HTTPClient()
cls.tempurl_key = cls.behaviors.VALID_TEMPURL_KEY
cls.object_name = cls.behaviors.VALID_OBJECT_NAME
cls.obj_name_containing_trailing_slash = \
cls.behaviors.VALID_OBJECT_NAME_WITH_TRAILING_SLASH
cls.obj_name_containing_slash = \
cls.behaviors.VALID_OBJECT_NAME_WITH_SLASH
cls.object_data = cls.behaviors.VALID_OBJECT_DATA
cls.content_length = str(len(cls.behaviors.VALID_OBJECT_DATA))
def setUpClass(cls):
super(FormPostTest, cls).setUpClass()
cls.key_cache_time = (
cls.objectstorage_api_config.tempurl_key_cache_time)
cls.object_name = Constants.VALID_OBJECT_NAME
cls.object_data = Constants.VALID_OBJECT_DATA
cls.content_length = str(len(Constants.VALID_OBJECT_DATA))
cls.http_client = HTTPClient()
cls.redirect_url = "http://example.com/form_post_test"
keys_set = cls.behaviors.check_account_tempurl_keys()
if keys_set:
metadata_response = cls.client.get_account_metadata()
cls.tempurl_key = \
metadata_response.headers.get("X-Account-Meta-Temp-Url-Key")
else:
raise Exception("An error occurred while checking for Account "
"TempURL keys")
def setUpClass(cls):
super(CORSTest, cls).setUpClass()
cls.dumb_client = HTTPClient()
cls.object_name = Constants.VALID_OBJECT_NAME
def ddtest_object_override_container_cors_with_tempurl(
self, object_type, generate_object):
"""
Scenario:
Create a container with CORS headers.
Create a object with CORS headers.
Retrieve the object via TempURL.
Expected Results:
If no Origin is set:
The object should be returned with no CORS headers.
If the Origin matches the object's Allow-Origin:
The object should be returned with the CORS headers.
If strict_cors_mode == True and the Origin does not match:
The object should be returned with no CORS headers.
If strict_cors_mode == False and the Origin does not match:
The object should be returned with the CORS headers.
"""
container_expose_headers = ['Content-Length', 'Etag']
container_headers = {
'X-Container-Meta-Access-Control-Allow-Origin':
'http://foo.com',
'X-Container-Meta-Access-Control-Expose-Headers':
','.join(container_expose_headers)}
container_name = self.create_temp_container(
descriptor='container-smoke', headers=container_headers)
object_expose_headers = ['X-Timestamp', 'X-Trans-Id']
object_headers = {
'Content-Type': 'text/plain',
'X-Object-Meta-Access-Control-Allow-Origin':
'http://bar.com',
'X-Object-Meta-Access-Control-Expose-Headers':
','.join(object_expose_headers)}
object_name = 'object'
object_headers = {'Content-Type': 'text/plain'}
generate_object(container_name, object_name, headers=object_headers)
tempurl_key = self.behaviors.get_tempurl_key()
tempurl_info = self.client.create_temp_url(
'GET', container_name, object_name, 900, tempurl_key)
dumb_client = HTTPClient()
# Requests with no Origin should not return CORS headers.
response = dumb_client.request(
'GET', tempurl_info.get('target_url'), params={
'temp_url_sig': tempurl_info.get('signature'),
'temp_url_expires': tempurl_info.get('expires')})
self.assertTrue(
'Access-Control-Allow-Origin' not in response.headers,
'Allow-Origin header should not be returned.')
self.assertTrue(
'Access-Control-Expose-Headers' not in response.headers,
'Expose-Headers should not be returned.')
# Requests with Origin which matches object, should return CORS
# headers.
response = dumb_client.request(
'GET', tempurl_info.get('target_url'), params={
'temp_url_sig': tempurl_info.get('signature'),
'temp_url_expires': tempurl_info.get('expires')},
headers={'Origin': 'http://bar.com'})
self.assertTrue(
'Access-Control-Allow-Origin' in response.headers,
'Allow-Origin header should be returned.')
self.assertEqual(
'http://bar.com', response.headers.get(
'Access-Control-Allow-Origin', ''),
'Allow-Origin header should be returned.')
self.assertTrue(
'Access-Control-Expose-Headers' in response.headers,
'Expose-Headers should be returned.')
if self.objectstorage_api_config.strict_cors_mode:
# CORS should work according to the spec.
# Requests with Origin which matches container, should not return
# CORS headers.
response = dumb_client.request(
'GET', tempurl_info.get('target_url'), params={
'temp_url_sig': tempurl_info.get('signature'),
'temp_url_expires': tempurl_info.get('expires')},
headers={'Origin': 'http://foo.com'})
self.assertTrue(
'Access-Control-Allow-Origin' not in response.headers,
'Allow-Origin header should not be returned.')
self.assertTrue(
'Access-Control-Expose-Headers' not in response.headers,
'Expose-Headers should not be returned.')
# Requests with Origin which does not match, should not return
# CORS headers.
response = dumb_client.request(
'GET', tempurl_info.get('target_url'), params={
'temp_url_sig': tempurl_info.get('signature'),
'temp_url_expires': tempurl_info.get('expires')},
headers={'Origin': 'http://example.com'})
self.assertTrue(
'Access-Control-Allow-Origin' not in response.headers,
'Allow-Origin header should not be returned.')
self.assertTrue(
'Access-Control-Expose-Headers' not in response.headers,
'Expose-Headers should not be returned.')
else:
# Early implementation of CORS.
# Requests with Origin which matches container, should not return
# CORS headers.
response = dumb_client.request(
'GET', tempurl_info.get('target_url'), params={
'temp_url_sig': tempurl_info.get('signature'),
'temp_url_expires': tempurl_info.get('expires')},
headers={'Origin': 'http://foo.com'})
self.assertTrue(
'Access-Control-Allow-Origin' in response.headers,
'Allow-Origin header should be returned.')
self.assertTrue(
'Access-Control-Expose-Headers' in response.headers,
'Expose-Headers should be returned.')
# Requests with Origin which does not match, should not return
# CORS headers.
response = dumb_client.request(
'GET', tempurl_info.get('target_url'), params={
'temp_url_sig': tempurl_info.get('signature'),
'temp_url_expires': tempurl_info.get('expires')},
headers={'Origin': 'http://example.com'})
self.assertTrue(
'Access-Control-Allow-Origin' in response.headers,
'Allow-Origin header should be returned with '
'differing origin.')
self.assertTrue(
'Access-Control-Expose-Headers' in response.headers,
'Expose-Headers should be returned with '
'differing origin.')
def test_container_cors_with_formpost(self):
"""
Scenario:
Create a container with CORS headers.
POST an object to the container via FormPOST.
Expected Results:
If no Origin is set:
The response should be returned with no CORS headers.
If the Origin matches the Allow-Origin set:
The response should be returned with the CORS headers.
If strict_cors_mode == True and the Origin does not match:
The response should be returned with no CORS headers.
If strict_cors_mode == False and the Origin does not match:
The response should be returned with the CORS headers.
"""
expose_headers = ['Content-Length', 'Etag', 'X-Timestamp',
'X-Trans-Id']
container_headers = {
'X-Container-Meta-Access-Control-Allow-Origin':
'http://example.com',
'X-Container-Meta-Access-Control-Max-Age': '5',
'X-Container-Meta-Access-Control-Expose-Headers':
','.join(expose_headers)}
container_name = self.create_temp_container(
descriptor='container-smoke', headers=container_headers)
tempurl_key = self.behaviors.get_tempurl_key()
files = [{'name': 'foo1'}]
# Requests with no Origin should not return CORS headers.
formpost_info = self.client.create_formpost(
container_name, files, key=tempurl_key)
dumb_client = HTTPClient()
headers = formpost_info.get('headers')
response = dumb_client.post(
formpost_info.get('target_url'),
headers=headers,
data=formpost_info.get('body'),
requestslib_kwargs={'allow_redirects': False})
self.assertTrue(303, response.status_code)
self.assertTrue('location' in response.headers)
self.assertTrue('access-control-expose-headers' not in
response.headers)
self.assertTrue('access-control-allow-origin' not in response.headers)
# Requests with Origin which does match, should return CORS headers.
formpost_info = self.client.create_formpost(
container_name, files, key=tempurl_key)
dumb_client = HTTPClient()
headers = formpost_info.get('headers')
headers['Origin'] = 'http://example.com'
response = dumb_client.post(
formpost_info.get('target_url'),
headers=headers,
data=formpost_info.get('body'),
requestslib_kwargs={'allow_redirects': False})
self.assertTrue(303, response.status_code)
self.assertTrue('access-control-expose-headers' in response.headers)
self.assertTrue('location' in response.headers)
self.assertTrue('access-control-allow-origin' in response.headers)
if self.objectstorage_api_config.strict_cors_mode:
# CORS should work according to the spec.
# Requests with Origin which does not match, should not return
# CORS headers.
formpost_info = self.client.create_formpost(
container_name, files, key=tempurl_key)
dumb_client = HTTPClient()
headers = formpost_info.get('headers')
headers['Origin'] = 'http://foo.com'
response = dumb_client.post(
formpost_info.get('target_url'),
headers=headers,
data=formpost_info.get('body'),
requestslib_kwargs={'allow_redirects': False})
self.assertTrue(303, response.status_code)
self.assertTrue('access-control-expose-headers' not in
response.headers)
self.assertTrue('location' not in response.headers)
self.assertTrue('access-control-allow-origin' not in
response.headers)
else:
# Early implementation of CORS.
# Requests with Origin which does not match, should not return
# CORS headers.
formpost_info = self.client.create_formpost(
container_name, files, key=tempurl_key)
dumb_client = HTTPClient()
headers = formpost_info.get('headers')
headers['Origin'] = 'http://foo.com'
response = dumb_client.post(
formpost_info.get('target_url'),
headers=headers,
data=formpost_info.get('body'),
requestslib_kwargs={'allow_redirects': False})
self.assertTrue(303, response.status_code)
self.assertTrue('access-control-expose-headers' in
response.headers)
self.assertTrue('location' in response.headers)
self.assertTrue('access-control-allow-origin' in response.headers)
