Revert "Add 'X-Auth-Token' default header to CORS middleware"

The existence of this header is not tested, and therefore can create fragility downstream as operators deploying an API may not realize that this setting is needed. If the upstream library is ever updated to remove this, all downstream projects will silently fail. Furthermore, the addition of openstack-specific headers as defaults in this library makes oslo_middleware less useful outside of openstack. The correct way to address this issue is to enable latent configuration from paste.ini. This way, each service can include their default headers in their packaged paste file. This reverts commit 562173aeb7. Change-Id: I401011ed055fea49268686deb5c25f02d2ca6164
2015-11-02 08:49:47 -08:00 · 2015-11-02 08:49:47 -08:00 · b4ad4f9073
commit b4ad4f9073
parent 6c58c6c1bc
1 changed files with 2 additions and 2 deletions
--- a/oslo_middleware/cors.py
+++ b/oslo_middleware/cors.py
@ -35,7 +35,7 @@ CORS_OPTS = [
                     'credentials'),
    cfg.ListOpt('expose_headers',
                default=['Content-Type', 'Cache-Control', 'Content-Language',
-                         'Expires', 'Last-Modified', 'Pragma', 'X-Auth-Token'],
+                         'Expires', 'Last-Modified', 'Pragma'],
                help='Indicate which headers are safe to expose to the API. '
                     'Defaults to HTTP Simple Headers.'),
    cfg.IntOpt('max_age',
@ -47,7 +47,7 @@ CORS_OPTS = [
                     'request.'),
    cfg.ListOpt('allow_headers',
                default=['Content-Type', 'Cache-Control', 'Content-Language',
-                         'Expires', 'Last-Modified', 'Pragma', 'X-Auth-Token'],
+                         'Expires', 'Last-Modified', 'Pragma'],
                help='Indicate which header field names may be used during '
                     'the actual request.')
 ]