Unauthenticated access to swift

Asked by Rainer Toebbicke

I am about to suggest a trivial modification to the proxy server allowing unauthenticated (read-) access to a swift container provided that the container's (read-)ACL says "ANYBODY".

The background of this is to allow distribution of javascripts or even complete primitive web sites that implement full-blown access to files in swift using the S3 protocol. They couldn't be served from a genuine web server without being suspected of cross-site-scripting by the browser, but it works with swift acting as an Ersatz-apache.

Before I submit the mod for review, I'd like to make sure I am not unkowingly re-inventing the wheel or otherwise attempting something that would be considered heretic.

Question information

Language:
English Edit question
Status:
Solved
For:
OpenStack Object Storage (swift) Edit question
Assignee:
No assignee Edit question
Solved by:
John Dickinson
Solved:
Last query:
Last reply:
Revision history for this message
Florian Hines (pandemicsyn) said :
#1

There's Swift's StaticWeb - http://swift.openstack.org/misc.html#module-swift.common.middleware.staticweb

It let's you serve content straight out of a container.

Revision history for this message
Best John Dickinson (notmyname) said :
#2

Staticweb allows you to handle index pages and limited redirects.

Another option is to add "X-Container-Read: .r:*" to your container to mark it as public. This will allow GETs to objects in the container without an auth token (eg from a browser)

Revision history for this message
Rainer Toebbicke (rtb) said :
#3

Thanks John Dickinson, that solved my question.