Generate {application,text}/xml headers on gateway by client's choice

[arielshaqed]

If no header is specified, none is explicitly generated. Then the Go http server generates
one by scanning content, it happens to be text/xml. If either of these headers is
specified, generate that requested content type. If (only) other headers are generated,
respond "Not Acceptable".

This does not break backwards compatibility with clients that do not generate such a
header (boto, mc). This should improve compatibility with a client that explicitly asks for
application/xml (the Akka S3 client alpakka only accepts that Content-Type, so it had better
ask for it). It will break a lying client that requests only anything-but-standard-XML.

[arielshaqed]

Tested by capturing traffic (from the minio/mc client) to our gateway and adding various Accept: header values. (The AWS sigv4 security protocol allows replays, that is so very useful for testing, if horribly badly wrong for actual security...)

Should fix #987 , but ideally wait for customer confirmation that it does before pulling :-)

[arielshaqed]

@keimoon could you please take a look, too, and see whether this PR would fix your issue?

[codecov-io]

Codecov Report

Merging #992 (7d4b24e) into master (a57e068) will increase coverage by 0.46%.
The diff coverage is 17.39%.

@@            Coverage Diff             @@
##           master     #992      +/-   ##
==========================================
+ Coverage   44.26%   44.72%   +0.46%     
==========================================
  Files         140      147       +7     
  Lines       11570    11869     +299     
==========================================
+ Hits         5121     5308     +187     
- Misses       5799     5879      +80     
- Partials      650      682      +32     

Impacted Files	Coverage Δ
gateway/operations/base.go	0.00% <0.00%> (ø)
gateway/operations/getobject.go	0.00% <0.00%> (ø)
gateway/operations/headobject.go	0.00% <0.00%> (ø)
gateway/handler.go	57.23% <26.66%> (-1.55%)	⬇️
catalog/mvcc/cataloger_create_repository.go	59.25% <0.00%> (-3.71%)	⬇️
catalog/mvcc/cataloger_list_entries.go	85.21% <0.00%> (-0.32%)	⬇️
pyramid/file.go	76.47% <0.00%> (ø)
graveler/graveler.go	0.00% <0.00%> (ø)
pyramid/ro_file.go	71.42% <0.00%> (ø)
graveler/staging_iterator.go	81.08% <0.00%> (ø)
... and 7 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a57e068...7d4b24e. Read the comment docs.

[keimoon]

Unfortunately, alpakka does not send Accept header so this fix does not work for us. Currently we are using an work around (proxy the response to replace the response header) to overcome this issue.

[arielshaqed]

Thanks! Also need to set the default to application/xml because @keimoon points out the Alpakka client doesn't pass an Accepts: header. Turns out that passing this header just doesn't happen in the world of S3 clients. Since S3 and Minio both seem happy to return application/xml, go with that.

[ozkatz]

Won't this return application/xml for non-xml responses? (i.e. GetObject?)

[arielshaqed]

Won't this return application/xml for non-xml responses? (i.e. GetObject?)

Ouch, good catch! I'll need to figure out how to make go-swagger prefer application/xml :-(

[arielshaqed]

Dismissed reviews because of Oz' issue with adding content types to files and heads from the backing store. Will re-request soon(-ish).

Bug in code.

[arielshaqed]

@johnnyaug @ozkatz PTAL, I cleaned up behaviour of Accepts:, get-object is back to ignoring everything except the auto-detected content-type.

[johnnyaug]

Rephrase comment, or put it somewhere else

[johnnyaug]

Also rephrase to clarify how this comment is related to this code

[arielshaqed]

@ozkatz are we good to go with this?

[ozkatz]

looks good!

[arielshaqed]

Thanks!