Adds CORS support to Cinder

This patch adds the CORS support middleware to Cinder, allowing a
deployer to optionally configure rules under which a JavaScript client
may break the single-origin policy and access the API directly.

For cinder, the paste.ini method of deploying the middleware was
chosen, because it needs to be able to annotate responses created
by keystonemiddleware. If the middleware was explicitly included,
keystone would reject the request before the cross-domain headers
could be annotated, resulting in an error response that is
unreadable by the user agent.

Note that tests were explicitly not included. Cinder does not
possess a functional test suite, and thus constructing any
fake application with the CORS Middleware would not correctly
test the paste.ini initialization code path.

OpenStack CrossProject Spec:
   http://specs.openstack.org/openstack/openstack-specs/specs/cors-support.html
Oslo_Middleware Docs:
   http://docs.openstack.org/developer/oslo.middleware/cors.html
OpenStack Cloud Admin Guide:
   http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html
DocImpact

Change-Id: Ifac1f2c56365089a36091dc2e38d4641c135ea34
Michael Krotscheck 2015-10-19 06:43:40 -07:00
parent aa6265b108
commit ea49e4faa7

@ -10,19 +10,23 @@ use = call:cinder.api:root_app_factory
[composite:openstack_volume_api_v1] [composite:openstack_volume_api_v1]
use = call:cinder.api.middleware.auth:pipeline_factory use = call:cinder.api.middleware.auth:pipeline_factory
noauth = request_id faultwrap sizelimit osprofiler noauth apiv1 noauth = cors request_id faultwrap sizelimit osprofiler noauth apiv1
keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 keystone = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 keystone_nolimit = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
[composite:openstack_volume_api_v2] [composite:openstack_volume_api_v2]
use = call:cinder.api.middleware.auth:pipeline_factory use = call:cinder.api.middleware.auth:pipeline_factory
noauth = request_id faultwrap sizelimit osprofiler noauth apiv2 noauth = cors request_id faultwrap sizelimit osprofiler noauth apiv2
keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 keystone = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 keystone_nolimit = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
[filter:request_id] [filter:request_id]
paste.filter_factory = oslo_middleware.request_id:RequestId.factory paste.filter_factory = oslo_middleware.request_id:RequestId.factory
[filter:cors]
paste.filter_factory = oslo_middleware.cors:filter_factory
oslo_config_project = cinder
[filter:faultwrap] [filter:faultwrap]
paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory
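
Review bot: The new [filter:cors] section is undocumented in the file operators actually edit: it carries only `paste.filter_factory = oslo_middleware.cors:filter_factory` and `oslo_config_project = cinder`, with nothing saying where the allowed origins are configured or what the filter does when none are set. Because cors now leads all six pipeline lines in openstack_volume_api_v1 and openstack_volume_api_v2, including both `noauth` lines where no authentication follows it, please add a short comment above the section naming the configuration file and section that hold the rules, and stating that origins should be listed explicitly for any deployment that runs a `noauth` pipeline. The commit message flags DocImpact, but a pointer in the paste file itself is what a deployer will see when deciding whether to keep `cors` in a given pipeline.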
@ -44,7 +48,7 @@ paste.app_factory = cinder.api.v1.router:APIRouter.factory
paste.app_factory = cinder.api.v2.router:APIRouter.factory paste.app_factory = cinder.api.v2.router:APIRouter.factory
[pipeline:apiversions] [pipeline:apiversions]
pipeline = faultwrap osvolumeversionapp pipeline = cors faultwrap osvolumeversionapp
[app:osvolumeversionapp] [app:osvolumeversionapp]
paste.app_factory = cinder.api.versions:Versions.factory paste.app_factory = cinder.api.versions:Versions.factory
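
Review bot: In `pipeline = cors faultwrap osvolumeversionapp` the `cors` entry reuses the single [filter:cors] section defined for the volume API pipelines, so the version document is opened to exactly the same origins as the authenticated API and cannot be given separate rules. The rationale in the commit message (keystonemiddleware rejecting the request before headers are annotated) does not apply here, since this pipeline has no `authtoken` stage. If cross-origin access to version discovery is intended, say so in a comment next to the pipeline line; if a deployer may want it scoped differently, consider a second named filter section for this pipeline.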