amazon-s3corsopenstack-swiftcephradosgw

CEPH + S3 Java SDK + presigned PUT + CORS = FAIL


I am looking for the magic formula to get CEPH + S3 Java SDK + presigned PUT url + CORS working. We are able to create a bucket and then apply a CORS configuration to the bucket. We are then able to create a pre-generated PUT url that we then send back to the client. However, the CORS preflight (Options) request fails with 403.

Against AWS this same code works great. However, both Swift and Ceph fail on the OPTIONS request with 403. Since the OPTIONS fails, CORS fails. We tracked it down (we think) to a possible flaw in RADOSGW in how it creates the auth header...it doesnt match the signing process used by the amazon SDK. For example:

AWS Java auth hdr that gets signed:
PUT

image/jpeg
1404252781
x-amz-meta-origfile:Desert.jpg
/virbsupport/78946140-4638-4338-b765-6f701c453a89?response-content-disposition=attachment; filename=Desert.jpg

In Ceph:
OPTIONS


1404252781
/virbsupport/78946140-4638-4338-b765-6f701c453a89?response-content-disposition=attachment; filename=Desert.jpg

We can work with the content type and additional metadata fields being missing but notice the METHOD is totally wrong. RADOSGW I think should be using the "Access-Control-Request-Method" as the method in the signature...not the actual OPTIONS method being used for the preflight request.

Has anyone been able to get this combination functional?


Solution

  • We ended up logging a bug to the Ceph RGW library for this issue. http://tracker.ceph.com/issues/8718#change-38624