Added CORS support to Murano
This adds the CORS support middleware to Murano, allowing a deployer to optionally configure rules under which a javascript client may break the single-origin policy and access the API directly. Included are Murano's custom headers, so that anyone activating this middleware does not have to explicitly enable them. The paste.ini method of deploying the middleware was chosen, because it needs to be able to annotate responses created by other middleware. OpenStack CrossProject Spec: http://specs.openstack.org/openstack/openstack-specs/specs/cors-support.html Oslo_Middleware Docs: http://docs.openstack.org/developer/oslo.middleware/cors.html OpenStack Cloud Admin Guide: http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html Change-Id: If9eff9a4bcf272eebe9fd9d4e13dec64decb4997
This commit is contained in:
parent
647e50b6d1
commit
76d617287c
@ -1,8 +1,8 @@
|
||||
[pipeline:cloudfoundry]
|
||||
pipeline = request_id ssl ext_context authtoken context cloudfoundryapi
|
||||
pipeline = cors request_id ssl ext_context authtoken context cloudfoundryapi
|
||||
|
||||
[pipeline:murano]
|
||||
pipeline = request_id ssl versionnegotiation faultwrap authtoken context rootapp
|
||||
pipeline = cors request_id ssl versionnegotiation faultwrap authtoken context rootapp
|
||||
|
||||
[filter:context]
|
||||
paste.filter_factory = murano.api.middleware.context:ContextMiddleware.factory
|
||||
@ -41,3 +41,10 @@ paste.filter_factory = murano.api.middleware.ssl:SSLMiddleware.factory
|
||||
|
||||
[filter:ext_context]
|
||||
paste.filter_factory = murano.api.middleware.ext_context:ExternalContextMiddleware.factory
|
||||
|
||||
[filter:cors]
|
||||
paste.filter_factory = oslo_middleware.cors:filter_factory
|
||||
oslo_config_project = murano
|
||||
latent_allow_headers = X-Auth-Token, X-Openstack-Request-Id, X-Configuration-Session, X-Roles, X-User-Id, X-Tenant-Id
|
||||
latent_expose_headers = X-Auth-Token, X-Openstack-Request-Id, X-Configuration-Session, X-Roles, X-User-Id, X-Tenant-Id
|
||||
latent_allow_methods = GET, PUT, POST, DELETE, PATCH
|
||||
|
@ -5,5 +5,6 @@ namespace = murano
|
||||
namespace = oslo.db
|
||||
namespace = oslo.log
|
||||
namespace = oslo.messaging
|
||||
namespace = oslo.middleware.cors
|
||||
namespace = oslo.policy
|
||||
namespace = oslo.service.service
|
||||
|
Loading…
Reference in New Issue
Block a user