Cors fix default header
Allowed x-auth-token headers by default Change-Id: I8182bd57c2d13606677d2d127dbfd290620de524
This commit is contained in:
parent
f596a06fae
commit
cbc3e8d3a1
|
@ -53,28 +53,28 @@ project_domain_id= default
|
|||
auth_url = http://<keystone_host>:35357
|
||||
|
||||
[cors]
|
||||
# Indicate whether this resource may be shared with the domain
|
||||
# received in the requests "origin" header. Format:
|
||||
# "<protocol>://<host>[:<port>]", no trailing slash. Example:
|
||||
# https://horizon.example.com (list value)
|
||||
#allowed_origin = <None>
|
||||
|
||||
# Indicate whether this resource may be shared with the domain received in the
|
||||
# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
|
||||
# slash. Example: https://horizon.example.com (list value)
|
||||
#allowed_origin = <none>
|
||||
|
||||
# Indicate that the actual request can include user credentials (boolean value)
|
||||
# Indicate that the actual request can include user
|
||||
# credentials (boolean value)
|
||||
#allow_credentials = true
|
||||
|
||||
# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
|
||||
# Headers. (list value)
|
||||
#expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
|
||||
# Indicate which headers are safe to expose to the API.
|
||||
# Defaults to HTTP Simple Headers. (list value)
|
||||
#expose_headers =
|
||||
|
||||
# Maximum cache age of CORS preflight requests. (integer value)
|
||||
# Maximum cache age of CORS preflight requests. (integer
|
||||
# value)
|
||||
#max_age = 3600
|
||||
|
||||
# Indicate which methods can be used during the actual request. (list value)
|
||||
#allow_methods = GET,PUT,POST,DELETE,PATCH
|
||||
|
||||
# Indicate which header field names may be used during the actual request.
|
||||
# (list value)
|
||||
#allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name
|
||||
|
||||
|
||||
# Indicate which methods can be used during the actual
|
||||
# request. (list value)
|
||||
#allow_methods = OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,PATCH
|
||||
|
||||
# Indicate which header field names may be used during the
|
||||
# actual request. (list value)
|
||||
#allow_headers =
|
|
@ -95,6 +95,20 @@ def get_pecan_config():
|
|||
return pecan.configuration.conf_from_file(filename)
|
||||
|
||||
|
||||
class IotronicCORS(cors_middleware.CORS):
|
||||
"""Iotronic-specific CORS class
|
||||
We're adding the Iotronic-specific version headers to the list of simple
|
||||
headers in order that a request bearing those headers might be accepted by
|
||||
the Iotronic REST API.
|
||||
"""
|
||||
simple_headers = cors_middleware.CORS.simple_headers + [
|
||||
'X-Auth-Token',
|
||||
base.Version.max_string,
|
||||
base.Version.min_string,
|
||||
base.Version.string
|
||||
]
|
||||
|
||||
|
||||
def setup_app(config=None):
|
||||
|
||||
app_hooks = [hooks.ConfigHook(),
|
||||
|
@ -121,10 +135,8 @@ def setup_app(config=None):
|
|||
|
||||
# Create a CORS wrapper, and attach iotronic-specific defaults that must be
|
||||
# included in all CORS responses.
|
||||
app = cors_middleware.CORS(app, CONF)
|
||||
app = IotronicCORS(app, CONF)
|
||||
cors_middleware.set_defaults(
|
||||
allow_headers=[base.Version.max_string, base.Version.min_string,
|
||||
base.Version.string],
|
||||
allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
|
||||
expose_headers=[base.Version.max_string, base.Version.min_string,
|
||||
base.Version.string]
|
||||
|
|
Loading…
Reference in New Issue