From ea49e4faa72b926b70708e783286de7a690526a0 Mon Sep 17 00:00:00 2001 From: Michael Krotscheck Date: Mon, 19 Oct 2015 06:43:40 -0700 Subject: [PATCH] Adds CORS support to Cinder This patch adds the CORS support middleware to Cinder, allowing a deployer to optionally configure rules under which a javascript client may break the single-origin policy and access the API directly. For cinder, the paste.ini method of deploying the middleware was chosen, because it needs to be able to annotate responses created by keystonemiddleware. If the middleware was explicitly included, keystone would reject the request before the cross-domain headers could be annotated, resulting in an error response that is unreadable by the user agent. Note that tests were explicitly not included. Cinder does not possess a functional test suite, and thus constructing any fake application with the CORS Middleware would not correctly test the paste.ini initialization code path. OpenStack CrossProject Spec: http://specs.openstack.org/openstack/openstack-specs/specs/cors-support.html Oslo_Middleware Docs: http://docs.openstack.org/developer/oslo.middleware/cors.html OpenStack Cloud Admin Guide: http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html DocImpact Change-Id: Ifac1f2c56365089a36091dc2e38d4641c135ea34 --- etc/cinder/api-paste.ini | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/etc/cinder/api-paste.ini b/etc/cinder/api-paste.ini index b2822b044..73c6ad1ea 100644 --- a/etc/cinder/api-paste.ini +++ b/etc/cinder/api-paste.ini @@ -10,19 +10,23 @@ use = call:cinder.api:root_app_factory [composite:openstack_volume_api_v1] use = call:cinder.api.middleware.auth:pipeline_factory -noauth = request_id faultwrap sizelimit osprofiler noauth apiv1 -keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 -keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 +noauth = cors request_id faultwrap sizelimit osprofiler noauth apiv1 +keystone = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 +keystone_nolimit = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 [composite:openstack_volume_api_v2] use = call:cinder.api.middleware.auth:pipeline_factory -noauth = request_id faultwrap sizelimit osprofiler noauth apiv2 -keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 -keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 +noauth = cors request_id faultwrap sizelimit osprofiler noauth apiv2 +keystone = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 +keystone_nolimit = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 [filter:request_id] paste.filter_factory = oslo_middleware.request_id:RequestId.factory +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = cinder + [filter:faultwrap] paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory @@ -44,7 +48,7 @@ paste.app_factory = cinder.api.v1.router:APIRouter.factory paste.app_factory = cinder.api.v2.router:APIRouter.factory [pipeline:apiversions] -pipeline = faultwrap osvolumeversionapp +pipeline = cors faultwrap osvolumeversionapp [app:osvolumeversionapp] paste.app_factory = cinder.api.versions:Versions.factory -- 2.45.2