)]}'
{"swift/common/middleware/s3api/s3api.py":[{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"2727540457cc09fdc3eae593894d3ee73da5bda4","unresolved":true,"context_lines":[{"line_number":294,"context_line":"    def is_s3_cors_preflight(self, env):"},{"line_number":295,"context_line":"        if env[\u0027REQUEST_METHOD\u0027] !\u003d \u0027OPTIONS\u0027 or not env.get(\u0027HTTP_ORIGIN\u0027):"},{"line_number":296,"context_line":"            # Not a CORS preflight"},{"line_number":297,"context_line":"            return False"},{"line_number":298,"context_line":"        acrh \u003d env.get(\u0027HTTP_ACCESS_CONTROL_REQUEST_HEADERS\u0027, \u0027\u0027).lower()"},{"line_number":299,"context_line":"        if \u0027authorization\u0027 in acrh and \\"},{"line_number":300,"context_line":"                not env[\u0027PATH_INFO\u0027].startswith((\u0027/v1/\u0027, \u0027/v1.0/\u0027)):"}],"source_content_type":"text/x-python","patch_set":2,"id":"07187f8d_6c33452a","line":297,"updated":"2021-09-09 03:23:33.000000000","message":"Is there a case where it can be OPTIONS and not have an origin header? I mean if I see a OPTIONS request and am missing the Origin header would that still be considered a pre-flight, so is a Origin header AND a OPTIONS verb mandatory?\n\nI guess this isn\u0027t different then what we had before so :shrug:","commit_id":"460dcf7562b7fa6d3244c28097ddd77287782274"}],"test/unit/common/middleware/s3api/test_obj.py":[{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"dd2dcd276478f7d0fff0c0deb5847fbc5e358bf0","unresolved":true,"context_lines":[{"line_number":1778,"context_line":"            environ\u003d{\u0027REQUEST_METHOD\u0027: \u0027OPTIONS\u0027},"},{"line_number":1779,"context_line":"            headers\u003d{\u0027Origin\u0027: \u0027http://example.com\u0027,"},{"line_number":1780,"context_line":"                     \u0027Access-Control-Request-Method\u0027: \u0027PUT\u0027,"},{"line_number":1781,"context_line":"                     \u0027Access-Control-Request-Headers\u0027: \u0027authorization\u0027})"},{"line_number":1782,"context_line":"        status, headers, body \u003d self.call_s3api(req)"},{"line_number":1783,"context_line":"        self.assertEqual(status, \u0027200 OK\u0027)"},{"line_number":1784,"context_line":"        self.assertDictEqual(headers, {"}],"source_content_type":"text/x-python","patch_set":1,"id":"0f1614ec_cc38c845","line":1781,"updated":"2021-07-14 00:27:11.000000000","message":"I have a question about this... Would a browser ever send PUT with Authorization: (which triggers a CORS preflight light the above)? I cannot imagine a situation when this happens... unless you use some kind of browser plug-in, right?","commit_id":"1c50d59fbbc13e3f2874e91749dd3df8a87cacce"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"c7db121b6e65251c721fffa7477db099adc33bb2","unresolved":true,"context_lines":[{"line_number":1778,"context_line":"            environ\u003d{\u0027REQUEST_METHOD\u0027: \u0027OPTIONS\u0027},"},{"line_number":1779,"context_line":"            headers\u003d{\u0027Origin\u0027: \u0027http://example.com\u0027,"},{"line_number":1780,"context_line":"                     \u0027Access-Control-Request-Method\u0027: \u0027PUT\u0027,"},{"line_number":1781,"context_line":"                     \u0027Access-Control-Request-Headers\u0027: \u0027authorization\u0027})"},{"line_number":1782,"context_line":"        status, headers, body \u003d self.call_s3api(req)"},{"line_number":1783,"context_line":"        self.assertEqual(status, \u0027200 OK\u0027)"},{"line_number":1784,"context_line":"        self.assertDictEqual(headers, {"}],"source_content_type":"text/x-python","patch_set":1,"id":"ef3e2d54_9698e7ec","line":1781,"in_reply_to":"0f1614ec_cc38c845","updated":"2021-07-14 17:43:49.000000000","message":"Good catch! This was me copying too much from the tests above -- will fix.","commit_id":"1c50d59fbbc13e3f2874e91749dd3df8a87cacce"}]}