1d94dd4f2a
This adds the CORS support middleware to Heat, allowing a deployer to optionally configure rules under which a javascript client may break the single-origin policy and access the API directly. For heat, the paste.ini method of deploying the middleware was chosen, because it needs to be able to annotate responses created by keystonemiddleware. If the middleware were explicitly included as in the previous patch, keystone would reject the request before the cross-domain headers could be annotated, resulting in an error response that was unreadable by the user agent. OpenStack CrossProject Spec: http://specs.openstack.org/openstack/openstack-specs/specs/cors-support.html Oslo_Middleware Docs: http://docs.openstack.org/developer/oslo.middleware/cors.html OpenStack Cloud Admin Guide: http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html docimpact Change-Id: I185f0d9f85617dd2f482cac4994ccc0a4cb6cf16 |
||
|---|---|---|
| .. | ||
| environment.d | ||
| templates | ||
| README-heat.conf.txt | ||
| api-paste.ini | ||
| policy.json | ||