Change tempauth to check X-Auth-Token in HTTP cookies in addition to headers

Registered by Philip Peshin on 2012-12-18

For Javascript/HTML based application it is not possible to send HTTP header for downloading file locally via clicking on a link. TempURL middleware requires exposure of a secret key, which is not desirable for Javascript/HTML application since source code is entirely on the client.

The proposed solution is to change tempauth to recognize "X-Auth-Token" cookie, which could be set by Javascript in the browser. Then it will be possible to download file from Swift by clicking a link.

Here is a patch for tempauth.py:

132c132
< token = env.get('HTTP_X_AUTH_TOKEN', env.get('HTTP_X_STORAGE_TOKEN'))
---
> token = env.get('HTTP_X_AUTH_TOKEN', env.get('HTTP_X_STORAGE_TOKEN', Request(env).cookies.get('X-Auth-Token')))

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
None
Direction:
Needs approval
Assignee:
None
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.