diff options
author | Michael Krotscheck <krotscheck@gmail.com> | 2016-03-16 09:10:59 -0700 |
---|---|---|
committer | Michael Krotscheck <krotscheck@gmail.com> | 2016-05-04 06:52:59 -0700 |
commit | 7398879387e67aaa8df47c4eede36061733e43c1 (patch) | |
tree | 3784bdb421b726b253de1c27a0d2df328d64b911 /oslo_middleware | |
parent | d5974a05f7aa9b8d5406003f1fb9ac6290fe6f0e (diff) | |
download | oslo-middleware-7398879387e67aaa8df47c4eede36061733e43c1.tar.gz |
Removed default headers from CORS_OPTS
This patch removes all 'simple' headers from the default
configuration options, as these are already automatically
handled by the middleware (see line 80).
The list of simple headers is explicitly defined in the W3C
specification, here: https://www.w3.org/TR/cors/#terminology
Change-Id: I34aaec650aa57db083aedd07a5ebe47f6853aa4e
Diffstat (limited to 'oslo_middleware')
-rw-r--r-- | oslo_middleware/cors.py | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/oslo_middleware/cors.py b/oslo_middleware/cors.py index 2e53741..804b123 100644 --- a/oslo_middleware/cors.py +++ b/oslo_middleware/cors.py @@ -37,8 +37,7 @@ CORS_OPTS = [ help='Indicate that the actual request can include user ' 'credentials'), cfg.ListOpt('expose_headers', - default=['Content-Type', 'Cache-Control', 'Content-Language', - 'Expires', 'Last-Modified', 'Pragma'], + default=[], help='Indicate which headers are safe to expose to the API. ' 'Defaults to HTTP Simple Headers.'), cfg.IntOpt('max_age', @@ -49,8 +48,7 @@ CORS_OPTS = [ help='Indicate which methods can be used during the actual ' 'request.'), cfg.ListOpt('allow_headers', - default=['Content-Type', 'Cache-Control', 'Content-Language', - 'Expires', 'Last-Modified', 'Pragma'], + default=[], help='Indicate which header field names may be used during ' 'the actual request.') ] |