)]}'
{"doc/source/cors.rst":[{"author":{"_account_id":330,"name":"John Dickinson","email":"me@not.mn","username":"notmyname"},"change_message_id":"13c58d4a2ac7b7248d78f7f2929a2430a4e12462","unresolved":false,"context_lines":[{"line_number":26,"context_line":"|                                             | actual request by browser,    |"},{"line_number":27,"context_line":"|                                             | space seperated.              |"},{"line_number":28,"context_line":"+---------------------------------------------+-------------------------------+"},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"Before a browser issues an actual request it may issue a `preflight request`_."},{"line_number":31,"context_line":"The preflight request is an OPTIONS call to verify the Origin is allowed to"},{"line_number":32,"context_line":"make the request. The sequence of events are,"}],"source_content_type":"text/x-rst","patch_set":7,"id":"AAAAM3%2F%2FdTs%3D","line":29,"updated":"2013-01-21 20:48:48.000000000","message":"Please also add support (and docs) for x-container-meta-access-control-expose-headers. These will be used in the cors_validation() decorator.","commit_id":"2d7d1d74284a7144c80a23c1b2723b99455b1c21"},{"author":{"_account_id":904,"name":"Adrian Smith","email":"adrian@17od.com","username":"adriansmith"},"change_message_id":"b48ac425fd9534e20db3e044ad7aff4a1ba599c8","unresolved":false,"context_lines":[{"line_number":26,"context_line":"|                                             | actual request by browser,    |"},{"line_number":27,"context_line":"|                                             | space seperated.              |"},{"line_number":28,"context_line":"+---------------------------------------------+-------------------------------+"},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"Before a browser issues an actual request it may issue a `preflight request`_."},{"line_number":31,"context_line":"The preflight request is an OPTIONS call to verify the Origin is allowed to"},{"line_number":32,"context_line":"make the request. The sequence of events are,"}],"source_content_type":"text/x-rst","patch_set":7,"id":"AAAAM3%2F%2FbgI%3D","line":29,"in_reply_to":"AAAAM3%2F%2FdRU%3D","updated":"2013-01-22 21:21:50.000000000","message":"Done","commit_id":"2d7d1d74284a7144c80a23c1b2723b99455b1c21"},{"author":{"_account_id":904,"name":"Adrian Smith","email":"adrian@17od.com","username":"adriansmith"},"change_message_id":"b48ac425fd9534e20db3e044ad7aff4a1ba599c8","unresolved":false,"context_lines":[{"line_number":26,"context_line":"|                                             | actual request by browser,    |"},{"line_number":27,"context_line":"|                                             | space seperated.              |"},{"line_number":28,"context_line":"+---------------------------------------------+-------------------------------+"},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"Before a browser issues an actual request it may issue a `preflight request`_."},{"line_number":31,"context_line":"The preflight request is an OPTIONS call to verify the Origin is allowed to"},{"line_number":32,"context_line":"make the request. The sequence of events are,"}],"source_content_type":"text/x-rst","patch_set":7,"id":"AAAAM3%2F%2FbgM%3D","line":29,"in_reply_to":"AAAAM3%2F%2FdTs%3D","updated":"2013-01-22 21:21:50.000000000","message":"Done","commit_id":"2d7d1d74284a7144c80a23c1b2723b99455b1c21"},{"author":{"_account_id":2696,"name":"Darrell Bishop","email":"dbishop@nvidia.com","username":"darrellb"},"change_message_id":"18fc8fb844f882321302d0a8506ea294dcf1719f","unresolved":false,"context_lines":[{"line_number":26,"context_line":"|                                             | actual request by browser,    |"},{"line_number":27,"context_line":"|                                             | space seperated.              |"},{"line_number":28,"context_line":"+---------------------------------------------+-------------------------------+"},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"Before a browser issues an actual request it may issue a `preflight request`_."},{"line_number":31,"context_line":"The preflight request is an OPTIONS call to verify the Origin is allowed to"},{"line_number":32,"context_line":"make the request. The sequence of events are,"}],"source_content_type":"text/x-rst","patch_set":7,"id":"AAAAM3%2F%2FdRU%3D","line":29,"in_reply_to":"AAAAM3%2F%2FdTs%3D","updated":"2013-01-21 21:17:58.000000000","message":"To clarify, setting X-Container-Meta-Access-Control-Expose-Headers would be optional, but if present, that metadata key\u0027s list of headers would be mixed in with the hard-coded set in cors_validation().","commit_id":"2d7d1d74284a7144c80a23c1b2723b99455b1c21"},{"author":{"_account_id":330,"name":"John Dickinson","email":"me@not.mn","username":"notmyname"},"change_message_id":"13c58d4a2ac7b7248d78f7f2929a2430a4e12462","unresolved":false,"context_lines":[{"line_number":75,"context_line":""},{"line_number":76,"context_line":".. _CORS: https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS"},{"line_number":77,"context_line":".. _preflight request: https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS#Preflighted_requests"},{"line_number":78,"context_line":".. _test CORS page: http://paste.openstack.org/show/29664/"},{"line_number":79,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"AAAAM3%2F%2Fdfs%3D","line":78,"updated":"2013-01-21 20:48:48.000000000","message":"Rather than link to a pastebin, I\u0027d like to see this included in the swift docs.","commit_id":"2d7d1d74284a7144c80a23c1b2723b99455b1c21"},{"author":{"_account_id":904,"name":"Adrian Smith","email":"adrian@17od.com","username":"adriansmith"},"change_message_id":"b48ac425fd9534e20db3e044ad7aff4a1ba599c8","unresolved":false,"context_lines":[{"line_number":75,"context_line":""},{"line_number":76,"context_line":".. _CORS: https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS"},{"line_number":77,"context_line":".. _preflight request: https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS#Preflighted_requests"},{"line_number":78,"context_line":".. _test CORS page: http://paste.openstack.org/show/29664/"},{"line_number":79,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"AAAAM3%2F%2Fbd4%3D","line":78,"in_reply_to":"AAAAM3%2F%2Fdfs%3D","updated":"2013-01-22 21:21:50.000000000","message":"Done","commit_id":"2d7d1d74284a7144c80a23c1b2723b99455b1c21"}],"doc/source/index.rst":[{"author":{"_account_id":2696,"name":"Darrell Bishop","email":"dbishop@nvidia.com","username":"darrellb"},"change_message_id":"885849725695cd29c3a9a80dc7ac6f57960af191","unresolved":false,"context_lines":[{"line_number":53,"context_line":"    overview_container_sync"},{"line_number":54,"context_line":"    overview_expiring_objects"},{"line_number":55,"context_line":"    associated_projects"},{"line_number":56,"context_line":"    cors"},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"Developer Documentation"},{"line_number":59,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":4,"id":"AAAAM3%2F%2FeeQ%3D","line":56,"updated":"2013-01-20 17:08:54.000000000","message":"Minor nitpick, but I\u0027d put \"cors\" second to last, leaving \"associated_projects\" at the bottom.","commit_id":"093cfd5d757ef2467365e0c0a078c4be9c80a7a9"},{"author":{"_account_id":904,"name":"Adrian Smith","email":"adrian@17od.com","username":"adriansmith"},"change_message_id":"0662dd9abb26a2a37d0ba847e60dccd934ae0499","unresolved":false,"context_lines":[{"line_number":53,"context_line":"    overview_container_sync"},{"line_number":54,"context_line":"    overview_expiring_objects"},{"line_number":55,"context_line":"    associated_projects"},{"line_number":56,"context_line":"    cors"},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"Developer Documentation"},{"line_number":59,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":4,"id":"AAAAM3%2F%2FebU%3D","line":56,"in_reply_to":"AAAAM3%2F%2FeeQ%3D","updated":"2013-01-20 21:00:08.000000000","message":"Done","commit_id":"093cfd5d757ef2467365e0c0a078c4be9c80a7a9"}],"swift/proxy/controllers/base.py":[{"author":{"_account_id":330,"name":"John Dickinson","email":"me@not.mn","username":"notmyname"},"change_message_id":"13c58d4a2ac7b7248d78f7f2929a2430a4e12462","unresolved":false,"context_lines":[{"line_number":158,"context_line":"            for header in resp.headers:"},{"line_number":159,"context_line":"                if header.startswith(\u0027x-container\u0027) or \\"},{"line_number":160,"context_line":"                        header.startswith(\u0027x-object\u0027):"},{"line_number":161,"context_line":"                    expose_headers +\u003d \u0027, %s\u0027 % header.lower()"},{"line_number":162,"context_line":"            resp.headers[\u0027Access-Control-Expose-Headers\u0027] \u003d expose_headers"},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"            # The user agent won\u0027t process the response if the Allow-Origin"}],"source_content_type":"text/x-python","patch_set":7,"id":"AAAAM3%2F%2Fdeg%3D","line":161,"updated":"2013-01-21 20:48:48.000000000","message":"This list should include the \"simple response headers\" listed on http://www.w3.org/TR/cors/. It should include \"etag\", \"x-trans-id\", and \"x-timestamp\". It should also include the headers with x-object-meta- and x-container-meta- prefixes. Finally, it should include the allow-access-expose-headers, if any, set on the container.\n\nWhy do the other headers need to be set (connection, accept-ranges, date, etc)?\n\nThe docs will need to change too (ie cors.rst).","commit_id":"2d7d1d74284a7144c80a23c1b2723b99455b1c21"},{"author":{"_account_id":904,"name":"Adrian Smith","email":"adrian@17od.com","username":"adriansmith"},"change_message_id":"b48ac425fd9534e20db3e044ad7aff4a1ba599c8","unresolved":false,"context_lines":[{"line_number":158,"context_line":"            for header in resp.headers:"},{"line_number":159,"context_line":"                if header.startswith(\u0027x-container\u0027) or \\"},{"line_number":160,"context_line":"                        header.startswith(\u0027x-object\u0027):"},{"line_number":161,"context_line":"                    expose_headers +\u003d \u0027, %s\u0027 % header.lower()"},{"line_number":162,"context_line":"            resp.headers[\u0027Access-Control-Expose-Headers\u0027] \u003d expose_headers"},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"            # The user agent won\u0027t process the response if the Allow-Origin"}],"source_content_type":"text/x-python","patch_set":7,"id":"AAAAM3%2F%2FboU%3D","line":161,"in_reply_to":"AAAAM3%2F%2FdQ0%3D","updated":"2013-01-22 21:21:50.000000000","message":"Done","commit_id":"2d7d1d74284a7144c80a23c1b2723b99455b1c21"},{"author":{"_account_id":2696,"name":"Darrell Bishop","email":"dbishop@nvidia.com","username":"darrellb"},"change_message_id":"18fc8fb844f882321302d0a8506ea294dcf1719f","unresolved":false,"context_lines":[{"line_number":158,"context_line":"            for header in resp.headers:"},{"line_number":159,"context_line":"                if header.startswith(\u0027x-container\u0027) or \\"},{"line_number":160,"context_line":"                        header.startswith(\u0027x-object\u0027):"},{"line_number":161,"context_line":"                    expose_headers +\u003d \u0027, %s\u0027 % header.lower()"},{"line_number":162,"context_line":"            resp.headers[\u0027Access-Control-Expose-Headers\u0027] \u003d expose_headers"},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"            # The user agent won\u0027t process the response if the Allow-Origin"}],"source_content_type":"text/x-python","patch_set":7,"id":"AAAAM3%2F%2FdQ0%3D","line":161,"in_reply_to":"AAAAM3%2F%2Fdeg%3D","updated":"2013-01-21 21:17:58.000000000","message":"In my first pass, I missed the fact that x-container* and x-object* are passed through.  I\u0027d thought those were x-container-meta-* and x-object-meta-*.\n\nI think we should only programmatically white-list headers starting with \"x-container-meta-\" and \"x-object-meta-\" and explicitly whitelist any headers Swift sends out which are safe... even if that\u0027s like 10 headers or whatever.  That\u0027s better than accidentally leaking some header we don\u0027t want.","commit_id":"2d7d1d74284a7144c80a23c1b2723b99455b1c21"},{"author":{"_account_id":904,"name":"Adrian Smith","email":"adrian@17od.com","username":"adriansmith"},"change_message_id":"b48ac425fd9534e20db3e044ad7aff4a1ba599c8","unresolved":false,"context_lines":[{"line_number":158,"context_line":"            for header in resp.headers:"},{"line_number":159,"context_line":"                if header.startswith(\u0027x-container\u0027) or \\"},{"line_number":160,"context_line":"                        header.startswith(\u0027x-object\u0027):"},{"line_number":161,"context_line":"                    expose_headers +\u003d \u0027, %s\u0027 % header.lower()"},{"line_number":162,"context_line":"            resp.headers[\u0027Access-Control-Expose-Headers\u0027] \u003d expose_headers"},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"            # The user agent won\u0027t process the response if the Allow-Origin"}],"source_content_type":"text/x-python","patch_set":7,"id":"AAAAM3%2F%2FboY%3D","line":161,"in_reply_to":"AAAAM3%2F%2Fdeg%3D","updated":"2013-01-22 21:21:50.000000000","message":"Updated to expose the \"simple response headers\", \"etag\", \"x-timestamp\", \"x-trans-id\", \"x-container-meta-*\", \"x-object-meta-*\" and user specified via allow-access-expose-headers.\n\nThe reason I exposed x-container-* was to catch x-container-object-count and x-container-bytes-used. The user can now include these in allow-access-expose-headers if they wish.\n\nThe reason for including (connection, content-length, date, x-timestamp, accept-ranges) was that they were being returned anyway and seemed relatively benign. I guess the user can use allow-access-expose-headers if they want them.","commit_id":"2d7d1d74284a7144c80a23c1b2723b99455b1c21"}],"test/unit/proxy/test_server.py":[{"author":{"_account_id":2696,"name":"Darrell Bishop","email":"dbishop@nvidia.com","username":"darrellb"},"change_message_id":"885849725695cd29c3a9a80dc7ac6f57960af191","unresolved":false,"context_lines":[{"line_number":4467,"context_line":"            self.assertEquals("},{"line_number":4468,"context_line":"                \u0027http://foo.bar\u0027,"},{"line_number":4469,"context_line":"                resp.headers[\u0027access-control-allow-origin\u0027])"},{"line_number":4470,"context_line":"            self.assertEquals("},{"line_number":4471,"context_line":"                \u0027connection, content-length, date, x-timestamp, accept-ranges, x-container-meta-color\u0027,"},{"line_number":4472,"context_line":"                resp.headers[\u0027access-control-expose-headers\u0027])"},{"line_number":4473,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"AAAAM3%2F%2FeeU%3D","line":4470,"updated":"2013-01-20 17:08:54.000000000","message":"You should probably use sortHeaderNames() here.","commit_id":"093cfd5d757ef2467365e0c0a078c4be9c80a7a9"},{"author":{"_account_id":904,"name":"Adrian Smith","email":"adrian@17od.com","username":"adriansmith"},"change_message_id":"0662dd9abb26a2a37d0ba847e60dccd934ae0499","unresolved":false,"context_lines":[{"line_number":4467,"context_line":"            self.assertEquals("},{"line_number":4468,"context_line":"                \u0027http://foo.bar\u0027,"},{"line_number":4469,"context_line":"                resp.headers[\u0027access-control-allow-origin\u0027])"},{"line_number":4470,"context_line":"            self.assertEquals("},{"line_number":4471,"context_line":"                \u0027connection, content-length, date, x-timestamp, accept-ranges, x-container-meta-color\u0027,"},{"line_number":4472,"context_line":"                resp.headers[\u0027access-control-expose-headers\u0027])"},{"line_number":4473,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"AAAAM3%2F%2FebQ%3D","line":4470,"in_reply_to":"AAAAM3%2F%2FeeU%3D","updated":"2013-01-20 21:00:08.000000000","message":"I\u0027ve refactored this code so a call to sortHeaderNames() is no longer necessary.","commit_id":"093cfd5d757ef2467365e0c0a078c4be9c80a7a9"},{"author":{"_account_id":2696,"name":"Darrell Bishop","email":"dbishop@nvidia.com","username":"darrellb"},"change_message_id":"885849725695cd29c3a9a80dc7ac6f57960af191","unresolved":false,"context_lines":[{"line_number":4830,"context_line":"            test_status_map((201, 500, 500), 503)"},{"line_number":4831,"context_line":"            test_status_map((204, 500, 404), 503)"},{"line_number":4832,"context_line":""},{"line_number":4833,"context_line":"    def test_OPTIONS(self):"},{"line_number":4834,"context_line":"        with save_globals():"},{"line_number":4835,"context_line":"            controller \u003d proxy_server.AccountController(self.app, \u0027a\u0027)"},{"line_number":4836,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"AAAAM3%2F%2FeeY%3D","line":4833,"updated":"2013-01-20 17:08:54.000000000","message":"I think this represents a duplicate definition of test_OPTIONS() in the same class.\n\nYou should probably add to the existing test_OPTIONS() code which shows the same behavior as what\u0027s already there, but when \"Origin\" and \"Access-Control-Request-Method\" are present in the request headers.\n\nOr, alternatively, rename this test_OPTIONS() and beef up its assertions.","commit_id":"093cfd5d757ef2467365e0c0a078c4be9c80a7a9"},{"author":{"_account_id":904,"name":"Adrian Smith","email":"adrian@17od.com","username":"adriansmith"},"change_message_id":"0662dd9abb26a2a37d0ba847e60dccd934ae0499","unresolved":false,"context_lines":[{"line_number":4830,"context_line":"            test_status_map((201, 500, 500), 503)"},{"line_number":4831,"context_line":"            test_status_map((204, 500, 404), 503)"},{"line_number":4832,"context_line":""},{"line_number":4833,"context_line":"    def test_OPTIONS(self):"},{"line_number":4834,"context_line":"        with save_globals():"},{"line_number":4835,"context_line":"            controller \u003d proxy_server.AccountController(self.app, \u0027a\u0027)"},{"line_number":4836,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"AAAAM3%2F%2FebM%3D","line":4833,"in_reply_to":"AAAAM3%2F%2FeeY%3D","updated":"2013-01-20 21:00:08.000000000","message":"My bad. I missed the other definition of this method.\n\nI\u0027ve moved this code into the existing test.","commit_id":"093cfd5d757ef2467365e0c0a078c4be9c80a7a9"},{"author":{"_account_id":2696,"name":"Darrell Bishop","email":"dbishop@nvidia.com","username":"darrellb"},"change_message_id":"b01d8893cc3abd282aebdbe8f6d8b26f0a846baa","unresolved":false,"context_lines":[{"line_number":4498,"context_line":"            exposed \u003d set("},{"line_number":4499,"context_line":"                h.strip() for h in"},{"line_number":4500,"context_line":"                resp.headers[\u0027access-control-expose-headers\u0027].split(\u0027,\u0027))"},{"line_number":4501,"context_line":"            self.assertEquals(len(exposed), 6)"},{"line_number":4502,"context_line":"            self.assertTrue(\u0027x-super-secret\u0027 not in exposed)"},{"line_number":4503,"context_line":"            self.assertTrue(\u0027connection\u0027 in exposed)"},{"line_number":4504,"context_line":"            self.assertTrue(\u0027content-length\u0027 in exposed)"}],"source_content_type":"text/x-python","patch_set":5,"id":"AAAAM3%2F%2Fedk%3D","line":4501,"updated":"2013-01-20 17:27:04.000000000","message":"If you\u0027re going to test the count of elements in the set and then each element, it\u0027d be more concise to say\n\n self.assertEquals(exposed, set((\u0027h1\u0027, \u0027h2\u0027, ...)))\n\nThat covers the count (6), each element\u0027s value, and is independent of the response\u0027s header ordering.","commit_id":"bcd6bc1e22215bc0bd2f78c4d72f77fe3efd00f3"},{"author":{"_account_id":904,"name":"Adrian Smith","email":"adrian@17od.com","username":"adriansmith"},"change_message_id":"660aa5922800a7ac42bc25bfc3765eb52bd41868","unresolved":false,"context_lines":[{"line_number":4498,"context_line":"            exposed \u003d set("},{"line_number":4499,"context_line":"                h.strip() for h in"},{"line_number":4500,"context_line":"                resp.headers[\u0027access-control-expose-headers\u0027].split(\u0027,\u0027))"},{"line_number":4501,"context_line":"            self.assertEquals(len(exposed), 6)"},{"line_number":4502,"context_line":"            self.assertTrue(\u0027x-super-secret\u0027 not in exposed)"},{"line_number":4503,"context_line":"            self.assertTrue(\u0027connection\u0027 in exposed)"},{"line_number":4504,"context_line":"            self.assertTrue(\u0027content-length\u0027 in exposed)"}],"source_content_type":"text/x-python","patch_set":5,"id":"AAAAM3%2F%2FebI%3D","line":4501,"in_reply_to":"AAAAM3%2F%2Fedk%3D","updated":"2013-01-20 20:59:57.000000000","message":"Done","commit_id":"bcd6bc1e22215bc0bd2f78c4d72f77fe3efd00f3"}]}