diff options
| author | Michael Krotscheck <krotscheck@gmail.com> | 2016-05-04 09:56:18 -0700 |
|---|---|---|
| committer | Michael Krotscheck <krotscheck@gmail.com> | 2016-05-09 07:18:21 -0700 |
| commit | 399e94043fdf40f413f0335387b1d92f0dd215ce (patch) | |
| tree | 139a85cbfec6bd8ce9b79624dcdb489e807e84d1 /doc | |
| parent | ea167241d483e678a766a936d8d6208e85341184 (diff) | |
| download | oslo-middleware-399e94043fdf40f413f0335387b1d92f0dd215ce.tar.gz | |
Deprecate multiple config block parsing.
With the introduction of set_defaults, as well as new documentation
features for default values in oslo_config, the CORS middleware
has been placed in the odd position where its configuration behaves
inconsistently. If you configure via add_origin, then defaults set
in set_defaults are not honored. If you configure via multiple
configuration blocks ([cors.foo]), then the defaults are also not
honored.
Additionally, with the conversion of allowed_origin into a list_opt,
there is less direct need for multiple config-block parsing.
In order to ensure that the middleware behaves consistently with
the rest of oslo, as well as adheres to a set of basic sane assumptions
made by consumers, this patch deprecates the code path that searches
oslo's configuration for multiple [cors.*] blocks. Subsequent patches
will add additional deprecation flags to this end.
Change-Id: I49c15ccc2dce03b0dea33ec45ef6e271e58582da
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/source/cors.rst | 26 |
1 files changed, 1 insertions, 25 deletions
diff --git a/doc/source/cors.rst b/doc/source/cors.rst index 2788096..765a681 100644 --- a/doc/source/cors.rst +++ b/doc/source/cors.rst @@ -45,7 +45,7 @@ domain, using oslo_config:: app = cors.CORS(your_wsgi_application, cfg.CONF) -In your application's config file, then include a default configuration block +In your application's config file, then include a configuration block something like this:: [cors] @@ -55,30 +55,6 @@ something like this:: allow_headers=X-Custom-Header expose_headers=X-Custom-Header -This middleware permits you to override the rules for multiple -`allowed_origin`'s. To express this in your configuration file, first begin -with a `[cors]` group as above, into which you place your default -configuration values. Then add as many additional configuration groups as -necessary, naming them `[cors.something]` (each name must be unique). The -purpose of the suffix to `cors.` is legibility, we recommend using a -reasonable human-readable string:: - - [cors.ironic_webclient] - # CORS Configuration for a hypothetical ironic webclient, which overrides - # authentication - allowed_origin=https://ironic.example.com:443 - allow_credentials=True - - [cors.horizon] - # CORS Configuration for horizon, which uses global options. - allowed_origin=https://horizon.example.com:443 - - [cors.wildcard] - # CORS Configuration for the CORS specified domain wildcard, which only - # permits HTTP GET requests. - allowed_origin=* - allow_methods=GET - If your software requires specific headers or methods for proper operation, you may include these as latent properties. These will be evaluated in addition to any found in configuration:: |