Enable CORS for new /api directory and gzip
This patch adds access control headers to the location /api/v1/assets. This will allow a Horizon panel to work with the App Catalog directly. For multiple deployments of OpenStack to access the JSON file regardless of their domain name, this additional header (Access-Control-Allow-Origin) must be set to "*", which enables cross-origin resource sharing, which is normally forbidden to prevent security issues related to cross-site scripting. This change also enables compression on the file, giving roughly a 5x reduction in download size. This patch also removes this access control header from /static. To provide content at /api/v1/assets, this patch replaces a trigger that used to build a JSON file via a shell call in puppet with a call to a script on the server. Authored-By: Christopher Aedo <doc@aedo.net> Co-Authored-By: Kevin Fox <kevin@efox.cc> Change-Id: I4da417908186c24767310d337bc3bbbc07964d48 Closes-Bug: 1490609
parent
9db65f3984
commit
f8e7040a25
|
@ -35,7 +35,18 @@ class apps_site (
|
|||
}
|
||||
|
||||
httpd_mod { 'headers':
|
||||
ensure => present
|
||||
ensure => present,
|
||||
notify => Service['httpd']
|
||||
}
|
||||
|
||||
httpd_mod { 'rewrite':
|
||||
ensure => present,
|
||||
notify => Service['httpd']
|
||||
}
|
||||
|
||||
httpd_mod { 'deflate':
|
||||
ensure => present,
|
||||
notify => Service['httpd']
|
||||
}
|
||||
|
||||
if ! defined(Package['python-yaml']) {
|
||||
|
@ -44,6 +55,12 @@ class apps_site (
|
|||
}
|
||||
}
|
||||
|
||||
if ! defined(Package['zopfli']) {
|
||||
package { 'zopfli':
|
||||
ensure => present,
|
||||
}
|
||||
}
|
||||
|
||||
file { "${root_dir}/openstack_catalog/web/api":
|
||||
ensure => directory,
|
||||
}
|
||||
|
@ -53,7 +70,7 @@ class apps_site (
|
|||
}
|
||||
|
||||
exec { 'make_assets_json' :
|
||||
command => "python -c 'import sys, yaml, json; json.dump(yaml.load(sys.stdin), sys.stdout)' < ${root_dir}/openstack_catalog/web/static/assets.yaml > ${root_dir}/openstack_catalog/web/api/v1/assets",
|
||||
command => "${root_dir}/tools/update_assets.sh",
|
||||
path => '/usr/local/bin:/usr/bin:/bin',
|
||||
refreshonly => true,
|
||||
subscribe => Vcsrepo[$root_dir],
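Review bot: The `make_assets_json` exec now runs `${root_dir}/tools/update_assets.sh`, a script that lives in the same checkout that `Vcsrepo[$root_dir]` refreshes, and no `user` attribute is visible on the exec, so it presumably runs with the Puppet agent's privileges (typically root) each time the repository changes. The exec body continues past the end of the hunk, so a `user` may be set there; if it is not, consider adding `user => '<unprivileged-account>',` (placeholder name) so that a change merged to the repository cannot execute as root on the server. The new `file { "${root_dir}/openstack_catalog/web/api": ... }` resource likewise sets no `owner`, `group` or `mode`, and nothing in the hunk creates `api/v1`, so the script has to create that directory and be able to write to it as whichever user is chosen.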
|
||||
|
|
|
@ -11,9 +11,26 @@
|
|||
Allow from all
|
||||
Satisfy Any
|
||||
</Directory>
|
||||
<Directory <%= @docroot %>/static/>
|
||||
<Location "/api/v1/assets">
|
||||
Header set Access-Control-Allow-Origin "*"
|
||||
</Directory>
|
||||
Header set Content-type "application/json"
|
||||
Header set Access-Control-Allow-Headers "Origin, Accept-Encoding, Content-Type, X-App-Catalog-Versions"
|
||||
Header set Access-Control-Max-Age 3600
|
||||
Header set Cache-Control max-age=3600
|
||||
Header set Access-Control-Allow-Methods "GET, OPTIONS"
|
||||
SetOutputFilter DEFLATE
|
||||
</Location>
|
||||
|
||||
RewriteEngine On
|
||||
|
||||
RewriteRule "^/api/v1/assets\.gz$" "-" [T=application/json,E=no-gzip:1]
|
||||
|
||||
RewriteCond %{REQUEST_METHOD} OPTIONS
|
||||
RewriteRule ^(/api/v1/assets)$ /static/blank.json [QSA,L]
|
||||
|
||||
RewriteCond "%{HTTP:Accept-Encoding}" "gzip"
|
||||
RewriteCond "%{REQUEST_FILENAME}\.gz" -s
|
||||
RewriteRule "^(/api/v1/assets)" "$1\.gz" [QSA]
|
||||
|
||||
ErrorLog /var/log/apache2/app_site-error.log
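Review bot: The gzip path sets no `Vary` or `Content-Encoding` header: the last `RewriteRule` serves `/api/v1/assets.gz` when the client sends `Accept-Encoding: gzip`, while `Cache-Control max-age=3600` makes the response cacheable, so a shared cache may hand the compressed body to a client that did not ask for it. Add `Header append Vary Accept-Encoding` and, for the `.gz` variant, `Header set Content-Encoding gzip` unless the server's MIME configuration already supplies the latter. The `T=application/json,E=no-gzip:1` rule is listed before the rule that produces the `.gz` URI, so it may never apply to rewritten requests; the mod_deflate recipe for precompressed content puts it after, which is worth confirming with a test request. `Access-Control-Allow-Origin "*"` is acceptable only while this location serves public, unauthenticated data, so keep `Access-Control-Allow-Credentials` unset here. The enclosing virtual host begins and ends outside the hunk.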
|
||||
|
||||
|
|