Blog

Upload to OpenStack Swift via CORS/HTML5 request.

Posté par Chmouel | 4/02/2013  | sous Infrastructures, OpenStack/Dev, Projects | | Pas de commentaires 

One of our client at eNovance had a need to be able to upload to Swift directly from a web browser without going via a PHP proxy.

 

Things in browser-land are not exactly the same as what we have in user-land, it is a bit more restricted to ensure the end-user security and there is a few hoops to jump through to get it working.

 

To be able to do a xmlrpc upload to another server (swift in this case) there is a 'standard/recommendation' document made by W3C about it located here :

http://www.w3.org/TR/2013/CR-cors-20130129/

 

Basically what happen when in Javascript we do :

request.open("POST", "http://swift/AUTH_account/container/");
request.setRequestHeader('X-Auth-Token', myToken);
request.send();
 

The browser just before the request will send an OPTIONS request to check with the server if the request is allowed by the server. This look like this when uploading to Swift :

The Options request that the browser does is literally asking for the server (swift) to know if this domain where it's uploading from is allowed to upload directly via xmlrpc. The request looks like this :

 

 

It says, hello there: my Origin: is this IP and I want to be able to access with this method 'PUT', can I do it ? The server will reply something along (if it's allowed), yeah sure please feel free to send this headers along and those methods and Origin are actually what I am allowing.

 

Thanks to the work of Adrian Smith this is supported since Swift version 1.7.5 (and improved in 1.7.6), you can do  at server level config or with headers on container easily see the full detailled documentation here:

http://docs.openstack.org/developer/swift/cors.html

 

While working on this I could not find a clear example to test it, I only found a great article on this page :

http://www.ioncannon.net/programming/1539/direct-browser-uploading-amazon-s3-cors-fileapi-xhr2-and-signed-puts/

that was targetted to amazon s3 and I adapted it to use with OpenStack Swift.

 

You can find it here and use it as an example for your application :

https://github.com/chmouel/cors-swift-example

TageNovance, openstack, swift

Commenter

Commenter

Recherche

Catégories

Articles récents

The absolute minimum to get you started with Vagrant

How to create specific Nova flavors for tenants

Swiftsync - A way to synchronize two swift clusters

Keystone and PKI Tokens

How to revoke a token with keystone and PKI (v2.0 API)

Tags

amazon web services aws solution provider best open source applications Blog canonical ceph cinder cloud computing cloud storage data availability dell devops enocloud eNovance enovance marketplace essex folsom france glance grizzly hastexo heat horizon infogérance sur aws infrastructures IT applications keystone nova open nebula open source cloud openstack openstack object storage openstack public cloud openstack swift ops oslo python quantum rackspace storage support 24x7 swift ubuntu uforge xebia

Archives