/usr/lib/python2.7/dist-packages/swift/common/middleware/crossdomain.py is in python-swift 2.7.0-0ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 | # Copyright (c) 2013 OpenStack Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from swift.common.swob import Request, Response
from swift.common.utils import register_swift_info
class CrossDomainMiddleware(object):
"""
Cross domain middleware used to respond to requests for cross domain
policy information.
If the path is /crossdomain.xml it will respond with an xml cross domain
policy document. This allows web pages hosted elsewhere to use client
side technologies such as Flash, Java and Silverlight to interact
with the Swift API.
To enable this middleware, add it to the pipeline in your proxy-server.conf
file. It should be added before any authentication (e.g., tempauth or
keystone) middleware. In this example ellipsis (...) indicate other
middleware you may have chosen to use::
[pipeline:main]
pipeline = ... crossdomain ... authtoken ... proxy-server
And add a filter section, such as::
[filter:crossdomain]
use = egg:swift#crossdomain
cross_domain_policy = <allow-access-from domain="*.example.com" />
<allow-access-from domain="www.example.com" secure="false" />
For continuation lines, put some whitespace before the continuation
text. Ensure you put a completely blank line to terminate the
cross_domain_policy value.
The cross_domain_policy name/value is optional. If omitted, the policy
defaults as if you had specified::
cross_domain_policy = <allow-access-from domain="*" secure="false" />
"""
def __init__(self, app, conf, *args, **kwargs):
self.app = app
self.conf = conf
default_domain_policy = '<allow-access-from domain="*"' \
' secure="false" />'
self.cross_domain_policy = self.conf.get('cross_domain_policy',
default_domain_policy)
def GET(self, req):
"""Returns a 200 response with cross domain policy information """
body = '<?xml version="1.0"?>\n' \
'<!DOCTYPE cross-domain-policy SYSTEM ' \
'"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd" >\n' \
'<cross-domain-policy>\n' \
'%s\n' \
'</cross-domain-policy>' % self.cross_domain_policy
return Response(request=req, body=body,
content_type="application/xml")
def __call__(self, env, start_response):
req = Request(env)
if req.path == '/crossdomain.xml' and req.method == 'GET':
return self.GET(req)(env, start_response)
else:
return self.app(env, start_response)
def filter_factory(global_conf, **local_conf):
conf = global_conf.copy()
conf.update(local_conf)
register_swift_info('crossdomain')
def crossdomain_filter(app):
return CrossDomainMiddleware(app, conf)
return crossdomain_filter
|