From 26b552f53d1fef997b3e1a4b46faa752155a6654 Mon Sep 17 00:00:00 2001
From: Michael Krotscheck <krotscheck@gmail.com>
Date: Fri, 8 Jan 2016 10:23:34 -0800
Subject: [PATCH] Added Keystone and RequestID headers to CORS middleware

CORS middleware's latent configuration feature, new in 3.0.0,
allows adding headers that apply to all valid origins.
This patch adds headers commonly used in openstack to heat's paste
pipeline, so that operators do not have to be aware of additional
configuration magic to ensure that browsers can talk to the API.

For more information:
http://docs.openstack.org/developer/oslo.middleware/cors.html#configuration-for-pastedeploy

Change-Id: Ic32d7d2b8d5e1433f806753e94abdc727db07c68
---
 etc/heat/api-paste.ini | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/etc/heat/api-paste.ini b/etc/heat/api-paste.ini
index b0613156ab..a576439c37 100644
--- a/etc/heat/api-paste.ini
+++ b/etc/heat/api-paste.ini
@@ -59,6 +59,9 @@ heat.filter_factory = heat.api.openstack:version_negotiation_filter
 [filter:cors]
 paste.filter_factory = oslo_middleware.cors:filter_factory
 oslo_config_project = heat
+latent_allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
+latent_expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID
+latent_allow_methods = GET, PUT, POST, DELETE, PATCH
 
 [filter:faultwrap]
 paste.filter_factory = heat.common.wsgi:filter_factory