Added CORS middleware to Sahara
This adds the CORS support middleware to Sahara, allowing a deployer to optionally configure rules under which a javascript client may break the single-origin policy and access the API directly. OpenStack Spec: http://specs.openstack.org/openstack/openstack-specs/specs/cors-support.html Oslo_Middleware Docs: http://docs.openstack.org/developer/oslo.middleware/cors.html OpenStack Cloud Admin Guide: http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html Change-Id: I839e2adc0a13271cfb590a52a6626660cc17190e
This commit is contained in:
parent
407b9c3c32
commit
2dacda140e
@ -445,3 +445,35 @@ template, use the ``URL of NTP server`` setting in the ``General Parameters``
|
||||
section when you create the template. If you would like to disable NTP for a
|
||||
particular cluster template, deselect the ``Enable NTP service`` checkbox in
|
||||
the ``General Parameters`` section when you create the template.
|
||||
|
||||
CORS (Cross Origin Resource Sharing) Configuration
|
||||
--------------------------------------------------
|
||||
|
||||
Sahara provides direct API access to user-agents (browsers) via the HTTP
|
||||
CORS protocol. Detailed documentation, as well as troubleshooting examples,
|
||||
may be found in the OpenStack `Cloud Admin Guide`_.
|
||||
|
||||
To get started quickly, use the example configuration block below, replacing
|
||||
the :code:`allowed origin` field with the host(s) from which your API expects
|
||||
access.
|
||||
|
||||
.. sourcecode:: cfg
|
||||
|
||||
[cors]
|
||||
allowed_origin=https://we.example.com:443
|
||||
max_age=3600
|
||||
allow_credentials=true
|
||||
|
||||
[cors.additional_domain_1]
|
||||
allowed_origin=https://additional_domain_1.example.com:443
|
||||
|
||||
[cors.additional_domain_2]
|
||||
allowed_origin=https://additional_domain_2.example.com:443
|
||||
|
||||
..
|
||||
|
||||
For more information on Cross Origin Resource Sharing, please review the `W3C
|
||||
CORS specification`_.
|
||||
|
||||
.. _Cloud Admin Guide: http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html
|
||||
.. _W3C CORS specification: www.w3.org/TR/cors/
|
||||
|
@ -18,6 +18,7 @@ import os
|
||||
import flask
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log
|
||||
import oslo_middleware.cors as cors_middleware
|
||||
from oslo_middleware import request_id
|
||||
from oslo_service import systemd
|
||||
import six
|
||||
@ -154,6 +155,15 @@ def make_app():
|
||||
LOG.debug('Logging of request/response exchange could be enabled using'
|
||||
' flag --log-exchange')
|
||||
|
||||
# Create a CORS wrapper, and attach sahara-specific defaults that must be
|
||||
# included in all CORS responses.
|
||||
app.wsgi_app = cors_middleware.CORS(app.wsgi_app, CONF)
|
||||
app.wsgi_app.set_latent(
|
||||
allow_headers=['X-Auth-Token', 'X-Server-Management-Url'],
|
||||
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
|
||||
expose_headers=['X-Auth-Token', 'X-Server-Management-Url']
|
||||
)
|
||||
|
||||
if CONF.log_exchange:
|
||||
app.wsgi_app = log_exchange.LogExchange.factory(CONF)(app.wsgi_app)
|
||||
|
||||
|
@ -8,3 +8,4 @@ namespace = oslo.log
|
||||
namespace = oslo.policy
|
||||
namespace = oslo.service.periodic_task
|
||||
namespace = oslo.service.sslutils
|
||||
namespace = oslo.middleware.cors
|
Loading…
Reference in New Issue
Block a user