diff options
author | Michael Krotscheck <krotscheck@gmail.com> | 2016-03-16 09:19:06 -0700 |
---|---|---|
committer | Michael Krotscheck <krotscheck@gmail.com> | 2016-05-04 06:53:02 -0700 |
commit | 1e5f746ac4d991d76505dd43b0da9594da5005c7 (patch) | |
tree | 46ae5db43ca128e467f22f42bab2daa5f6c4ab9f | |
parent | 7398879387e67aaa8df47c4eede36061733e43c1 (diff) | |
download | oslo-middleware-1e5f746ac4d991d76505dd43b0da9594da5005c7.tar.gz |
Set default allow methods to those defined in RFC 2616
This patch updates the default allow_methods config setting
to all headers defined in RFC 2616 Section 9. We were
cherry-picking headers here with no justification, and in order
to be backwards compatible, this patch opts to be inclusive
of all valid methods. Specific methods can still be overridden.
https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
Change-Id: I3e87e3bdb643706bcd4def1780d84ac8d45addb9
-rw-r--r-- | oslo_middleware/cors.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/oslo_middleware/cors.py b/oslo_middleware/cors.py index 804b123..71edde3 100644 --- a/oslo_middleware/cors.py +++ b/oslo_middleware/cors.py @@ -44,7 +44,8 @@ CORS_OPTS = [ default=3600, help='Maximum cache age of CORS preflight requests.'), cfg.ListOpt('allow_methods', - default=['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'], + default=['OPTIONS', 'GET', 'HEAD', 'POST', 'PUT', 'DELETE', + 'TRACE'], # RFC 2616 help='Indicate which methods can be used during the actual ' 'request.'), cfg.ListOpt('allow_headers', |