From 3d7ef0400e45b47fa369cfc498adbf76ad52f336 Mon Sep 17 00:00:00 2001
From: Michael Krotscheck <krotscheck@gmail.com>
Date: Fri, 8 Jan 2016 11:18:51 -0800
Subject: [PATCH] Added Keystone and RequestID headers to CORS middleware

CORS middleware's latent configuration feature, new in 3.0.0,
allows adding headers that apply to all valid origins.
This patch adds headers commonly used in openstack to neutron's paste
pipeline, so that operators do not have to be aware of additional
configuration magic to ensure that browsers can talk to the API.

For more information:
http://docs.openstack.org/developer/oslo.middleware/cors.html#configuration-for-pastedeploy

Change-Id: Ic08fcb7833563bbeca3e0ba2d03438d4be594418
---
 etc/api-paste.ini         | 4 ++--
 neutron/pecan_wsgi/app.py | 7 +++++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/etc/api-paste.ini b/etc/api-paste.ini
index 3e79feb9e..4884fe382 100644
--- a/etc/api-paste.ini
+++ b/etc/api-paste.ini
@@ -17,8 +17,8 @@ paste.filter_factory = oslo_middleware:CatchErrors.factory
 [filter:cors]
 paste.filter_factory = oslo_middleware.cors:filter_factory
 oslo_config_project = neutron
-latent_allow_headers = X-Auth-Token, X-Openstack-Request-Id
-latent_expose_headers = X-Auth-Token, X-Openstack-Request-Id
+latent_allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
+latent_expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID
 latent_allow_methods = GET, PUT, POST, DELETE, PATCH
 
 [filter:keystonecontext]
diff --git a/neutron/pecan_wsgi/app.py b/neutron/pecan_wsgi/app.py
index 7860da5a7..b54ccae4f 100644
--- a/neutron/pecan_wsgi/app.py
+++ b/neutron/pecan_wsgi/app.py
@@ -83,9 +83,12 @@ def _wrap_app(app):
     # by the browser.
     app = cors.CORS(app, cfg.CONF)
     app.set_latent(
-        allow_headers=['X-Auth-Token', 'X-Openstack-Request-Id'],
+        allow_headers=['X-Auth-Token', 'X-Identity-Status', 'X-Roles',
+                       'X-Service-Catalog', 'X-User-Id', 'X-Tenant-Id',
+                       'X-OpenStack-Request-ID'],
         allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
-        expose_headers=['X-Auth-Token', 'X-Openstack-Request-Id']
+        expose_headers=['X-Auth-Token', 'X-Subject-Token', 'X-Service-Token',
+                        'X-OpenStack-Request-ID']
     )
 
     return app
-- 
2.45.2