Added Keystone and RequestID headers to CORS middleware

CORS middleware's latent configuration feature, new in 3.0.0, allows adding headers that apply to all valid origins. This patch adds headers commonly used in openstack to heat's paste pipeline, so that operators do not have to be aware of additional configuration magic to ensure that browsers can talk to the API. For more information: http://docs.openstack.org/developer/oslo.middleware/cors.html#configuration-for-pastedeploy Change-Id: Ic32d7d2b8d5e1433f806753e94abdc727db07c68
2016-01-08 10:23:34 -08:00
parent c5549259ba
commit 26b552f53d
1 changed files with 3 additions and 0 deletions
--- a/etc/heat/api-paste.ini
+++ b/etc/heat/api-paste.ini
@@ -59,6 +59,9 @@ heat.filter_factory = heat.api.openstack:version_negotiation_filter
 [filter:cors]
 paste.filter_factory = oslo_middleware.cors:filter_factory
 oslo_config_project = heat
+latent_allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
+latent_expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID
+latent_allow_methods = GET, PUT, POST, DELETE, PATCH

 [filter:faultwrap]
 paste.filter_factory = heat.common.wsgi:filter_factory