Set default allow methods to those defined in RFC 2616

This patch updates the default allow_methods config setting to all headers defined in RFC 2616 Section 9. We were cherry-picking headers here with no justification, and in order to be backwards compatible, this patch opts to be inclusive of all valid methods. Specific methods can still be overridden. https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html Change-Id: I3e87e3bdb643706bcd4def1780d84ac8d45addb9
author: Michael Krotscheck <krotscheck@gmail.com> 2016-03-16 09:19:06 -0700
committer: Michael Krotscheck <krotscheck@gmail.com> 2016-05-04 06:53:02 -0700
commit: 1e5f746ac4d991d76505dd43b0da9594da5005c7 (patch)
tree: 46ae5db43ca128e467f22f42bab2daa5f6c4ab9f
parent: 7398879387e67aaa8df47c4eede36061733e43c1 (diff)
download: oslo-middleware-1e5f746ac4d991d76505dd43b0da9594da5005c7.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/oslo_middleware/cors.py b/oslo_middleware/cors.py
index 804b123..71edde3 100644
--- a/oslo_middleware/cors.py
+++ b/oslo_middleware/cors.py
@@ -44,7 +44,8 @@ CORS_OPTS = [
                default=3600,
                help='Maximum cache age of CORS preflight requests.'),
     cfg.ListOpt('allow_methods',
-                default=['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+                default=['OPTIONS', 'GET', 'HEAD', 'POST', 'PUT', 'DELETE',
+                         'TRACE'],  # RFC 2616
                 help='Indicate which methods can be used during the actual '
                      'request.'),
     cfg.ListOpt('allow_headers',
author	Michael Krotscheck <krotscheck@gmail.com>	2016-03-16 09:19:06 -0700
committer	Michael Krotscheck <krotscheck@gmail.com>	2016-05-04 06:53:02 -0700
commit	1e5f746ac4d991d76505dd43b0da9594da5005c7 (patch)
tree	46ae5db43ca128e467f22f42bab2daa5f6c4ab9f
parent	7398879387e67aaa8df47c4eede36061733e43c1 (diff)
download	oslo-middleware-1e5f746ac4d991d76505dd43b0da9594da5005c7.tar.gz