diff options
author | Michael Krotscheck <krotscheck@gmail.com> | 2015-10-19 06:57:51 -0700 |
---|---|---|
committer | Michael Krotscheck <krotscheck@gmail.com> | 2015-11-11 14:28:50 -0800 |
commit | e37e738aae3124083ed090eeea076157a3eb16d9 (patch) | |
tree | 1499edd1046d4588c6741ebefd1a6955091b3c14 /etc/nova/api-paste.ini | |
parent | cb92a37d5a7a391a801955fe2d5a4d6dcfe52a92 (diff) | |
download | nova-e37e738aae3124083ed090eeea076157a3eb16d9.tar.gz |
Added CORS support to Nova
This adds the CORS support middleware to Nova, allowing a deployer
to optionally configure rules under which a javascript client may
break the single-origin policy and access the API directly.
The paste.ini method of deploying the middleware was
chosen, because it needs to be able to annotate responses created
by keystonemiddleware. If the middleware were explicitly included,
keystone would reject the request before the cross-domain headers
could be annotated, resulting in an error response that was
unreadable by the user agent.
The test suite was expanded, to permit the inclusion of
HTTP headers, and to add the ability to send an OPTIONS request.
OpenStack CrossProject Spec:
http://specs.openstack.org/openstack/openstack-specs/specs/cors-support.html
Oslo_Middleware Docs:
http://docs.openstack.org/developer/oslo.middleware/cors.html
OpenStack Cloud Admin Guide:
http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html
bp:nova-cors
Change-Id: Ibc95df0860799ff36f682da7d032d5422b0c39c1
Diffstat (limited to 'etc/nova/api-paste.ini')
-rw-r--r-- | etc/nova/api-paste.ini | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/etc/nova/api-paste.ini b/etc/nova/api-paste.ini index cb5ea6713a..3e73ba867d 100644 --- a/etc/nova/api-paste.ini +++ b/etc/nova/api-paste.ini @@ -6,7 +6,7 @@ use = egg:Paste#urlmap /: meta [pipeline:meta] -pipeline = ec2faultwrap logrequest metaapp +pipeline = cors ec2faultwrap logrequest metaapp [app:metaapp] paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory @@ -22,8 +22,8 @@ use = egg:Paste#urlmap [composite:ec2cloud] use = call:nova.api.auth:pipeline_factory -noauth2 = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor -keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor +noauth2 = cors ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor +keystone = cors ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor [filter:ec2faultwrap] paste.filter_factory = nova.api.ec2:FaultWrapper.factory @@ -82,19 +82,19 @@ use = call:nova.api.openstack.urlmap:urlmap_factory # NOTE: this is deprecated in favor of openstack_compute_api_v21_legacy_v2_compatible [composite:openstack_compute_api_legacy_v2] use = call:nova.api.auth:pipeline_factory -noauth2 = compute_req_id faultwrap sizelimit noauth2 legacy_ratelimit osapi_compute_app_legacy_v2 -keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_ratelimit osapi_compute_app_legacy_v2 -keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_legacy_v2 +noauth2 = cors compute_req_id faultwrap sizelimit noauth2 legacy_ratelimit osapi_compute_app_legacy_v2 +keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_ratelimit osapi_compute_app_legacy_v2 +keystone_nolimit = cors compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_legacy_v2 [composite:openstack_compute_api_v21] use = call:nova.api.auth:pipeline_factory_v21 -noauth2 = compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21 -keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21 +noauth2 = cors compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21 +keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21 [composite:openstack_compute_api_v21_legacy_v2_compatible] use = call:nova.api.auth:pipeline_factory_v21 -noauth2 = compute_req_id faultwrap sizelimit noauth2 legacy_v2_compatible osapi_compute_app_v21 -keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_v2_compatible osapi_compute_app_v21 +noauth2 = cors compute_req_id faultwrap sizelimit noauth2 legacy_v2_compatible osapi_compute_app_v21 +keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_v2_compatible osapi_compute_app_v21 [filter:request_id] paste.filter_factory = oslo_middleware:RequestId.factory @@ -133,6 +133,10 @@ paste.app_factory = nova.api.openstack.compute.versions:Versions.factory # Shared # ########## +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = nova + [filter:keystonecontext] paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory |