You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Unwrap N-level chained proxy URLs to the innermost upstream.
Recursively peel embedded root/http(s) hops in parseChainedFileUrl so
multi_origin, allow_origin, and HTTP ext see the final endpoint.
Assisted-by: Cursor:Composer-2.5 CursorAI
Use the usual XRootD `//` separator before each path segment (including each embedded URL).
491
+
492
+
PSS forwarding (`pss.origin =root,http,https`) accepts path-embedded upstreams such as `/root://origin.cern.ch:1094//store/file.dat` as well. Each PSS hop forwards one layer; with `multi_origin = 1`, JournalCache on a proxy unwraps the full chain in one step for open, allowlist checks, and cache keys.
485
493
486
494
**Plugin options** (client config for the xrootd/PSS process):
487
495
488
496
| Key | Meaning |
489
497
|-----|---------|
490
-
|`multi_origin = 1`| Unwrap chained URLs to the inner upstream for open + journal cache key |
491
-
|`allow_origin = <regex>`| Allowed upstream patterns (comma-separated or repeated key); matched against full URL, location, or host |
498
+
|`multi_origin = 1`| Unwrap chained URLs to the innermost upstream for open + journal cache key |
499
+
|`allow_origin = <regex>`| Allowed upstream patterns (comma-separated or repeated key); matched against the fully unwrapped URL, location, or host |
<p>PSS forwarding (<code>pss.origin =root,http,https</code>) also accepts path-embedded upstreams such as <code>/root://origin.cern.ch:1094//store/file.dat</code>.</p>
533
+
<p>Longer chains with <strong>N proxies</strong> are supported; JournalCache unwraps through every embedded hop to the innermost upstream:</p>
<p>Use the usual XRootD <code>//</code> separator before each path segment. PSS forwarding (<code>pss.origin =root,http,https</code>) also accepts path-embedded upstreams such as <code>/root://origin.cern.ch:1094//store/file.dat</code>. Each PSS hop forwards one layer; with <code>multi_origin = 1</code>, JournalCache unwraps the full chain in one step for open, allowlist checks, and cache keys.</p>
534
536
<table>
535
537
<tr><th>Key</th><th>Meaning</th></tr>
536
-
<tr><td><code>multi_origin = 1</code></td><td>Unwrap chained URLs to the inner upstream for open + journal cache key</td></tr>
537
-
<tr><td><code>allow_origin = <regex></code></td><td>Allowed upstream patterns (comma-separated or repeated)</td></tr>
538
+
<tr><td><code>multi_origin = 1</code></td><td>Unwrap chained URLs to the innermost upstream for open + journal cache key</td></tr>
539
+
<tr><td><code>allow_origin = <regex></code></td><td>Allowed upstream patterns; matched against the fully unwrapped URL</td></tr>
538
540
</table>
539
541
<p>Environment overrides: <code>XRD_JOURNALCACHE_MULTI_ORIGIN</code>, <code>XRD_JOURNALCACHE_ALLOW_ORIGIN</code>. The HTTP ext handler accepts the same <code>allow_origin</code> lines and rejects disallowed upstreams with <strong>403</strong>.</p>
Use the usual XRootD `//` separator before each path segment (including each embedded URL).
325
+
326
+
PSS forwarding (`pss.origin =root,http,https`) also accepts path-embedded upstreams such as `/root://origin.cern.ch:1094//store/file.dat`. Each PSS hop forwards one layer; with `multi_origin = 1`, JournalCache on a proxy unwraps the full chain in one step for open, allowlist checks, and cache keys.
319
327
320
328
| Key | Meaning |
321
329
|-----|---------|
322
-
|`multi_origin = 1`| Unwrap chained URLs to the inner upstream for open + journal cache key |
323
-
|`allow_origin = <regex>`| Allowed upstream patterns (comma-separated or repeated); matched against full URL, location, or host |
330
+
|`multi_origin = 1`| Unwrap chained URLs to the innermost upstream for open + journal cache key |
331
+
|`allow_origin = <regex>`| Allowed upstream patterns (comma-separated or repeated); matched against the fully unwrapped URL, location, or host |
0 commit comments