diff --git a/oslo_middleware/cors.py b/oslo_middleware/cors.py index fb4f857..f5982b4 100644 --- a/oslo_middleware/cors.py +++ b/oslo_middleware/cors.py @@ -13,7 +13,6 @@ # limitations under the License. import copy -from debtcollector import moves import logging import debtcollector @@ -130,12 +129,6 @@ class CORS(base.ConfigurableMiddleware): except Exception: return None - self.set_latent( - allow_headers=sanitize(self.conf.get('latent_allow_headers')), - expose_headers=sanitize(self.conf.get('latent_expose_headers')), - allow_methods=sanitize(self.conf.get('latent_allow_methods')) - ) - @classmethod def factory(cls, global_conf, **local_conf): """factory method for paste.deploy @@ -156,13 +149,6 @@ class CORS(base.ConfigurableMiddleware): def _init_conf(self): '''Initialize this middleware from an oslo.config instance.''' - # Set up a location for our latent configuration options - self._latent_configuration = { - 'allow_headers': [], - 'expose_headers': [], - 'methods': [] - } - # First, check the configuration and register global options. self.oslo_conf.register_opts(CORS_OPTS, 'cors') @@ -245,42 +231,6 @@ class CORS(base.ConfigurableMiddleware): 'allow_headers': allow_headers } - @moves.moved_method('set_defaults', - message='CORS.set_latent has been deprecated in favor ' - 'of oslo_middleware.cors.set_defaults') - def set_latent(self, allow_headers=None, allow_methods=None, - expose_headers=None): - '''Add a new latent property for this middleware. - - Latent properties are those values which a system requires for - operation. API-specific headers, for example, may be added by an - engineer so that they ship with the codebase, and thus do not require - extra documentation or passing of institutional knowledge. - - :param allow_headers: HTTP headers permitted in client requests. - :param allow_methods: HTTP methods permitted in client requests. - :param expose_headers: HTTP Headers exposed to clients. - ''' - - if allow_headers: - if isinstance(allow_headers, list): - self._latent_configuration['allow_headers'] = allow_headers - else: - raise TypeError("allow_headers must be a list or None.") - - if expose_headers: - if isinstance(expose_headers, list): - self._latent_configuration['expose_headers'] = expose_headers - else: - raise TypeError("expose_headers must be a list or None.") - - if allow_methods: - if isinstance(allow_methods, list): - self._latent_configuration['methods'] = allow_methods - else: - raise TypeError("allow_methods parameter must be a list or" - " None.") - def process_response(self, response, request=None): '''Check for CORS headers, and decorate if necessary. @@ -361,10 +311,7 @@ class CORS(base.ConfigurableMiddleware): return response # Compare request method to permitted methods (Section 6.2.5) - permitted_methods = ( - cors_config['allow_methods'] + - self._latent_configuration['methods'] - ) + permitted_methods = cors_config['allow_methods'] if request_method not in permitted_methods: LOG.debug('Request method \'%s\' not in permitted list: %s' % (request_method, permitted_methods)) @@ -374,8 +321,7 @@ class CORS(base.ConfigurableMiddleware): # (Section 6.2.6) permitted_headers = [header.upper() for header in (cors_config['allow_headers'] + - self.simple_headers + - self._latent_configuration['allow_headers'])] + self.simple_headers)] for requested_header in request_headers: upper_header = requested_header.upper() if upper_header not in permitted_headers: @@ -448,8 +394,7 @@ class CORS(base.ConfigurableMiddleware): # Attach the exposed headers and exit. (Section 6.1.4) if cors_config['expose_headers']: response.headers['Access-Control-Expose-Headers'] = \ - ','.join(cors_config['expose_headers'] + - self._latent_configuration['expose_headers']) + ','.join(cors_config['expose_headers']) # NOTE(sileht): Shortcut for backwards compatibility filter_factory = CORS.factory diff --git a/oslo_middleware/tests/test_cors.py b/oslo_middleware/tests/test_cors.py index 8efa2c8..c64c539 100644 --- a/oslo_middleware/tests/test_cors.py +++ b/oslo_middleware/tests/test_cors.py @@ -280,29 +280,6 @@ class CORSTestFilterFactory(CORSTestBase): # Now that the config is set up, create our application. self.application = cors.CORS(test_application, self.config) - def test_factory_latent_properties(self): - '''Assert latent properties in paste.ini config. - - If latent_* properties are added to a paste.ini config, assert that - they are persisted in the middleware. - ''' - - # Spaces in config are deliberate to frobb the config parsing. - filter = cors.filter_factory(global_conf=None, - oslo_config_project='foobar', - latent_expose_headers=' X-Header-1 , X-2', - latent_allow_headers='X-Header-1 , X-2', - latent_allow_methods='GET,PUT, POST') - app = filter(test_application) - - # Ensure that the properties are in latent configuration. - self.assertEqual(['X-Header-1', 'X-2'], - app._latent_configuration['expose_headers']) - self.assertEqual(['X-Header-1', 'X-2'], - app._latent_configuration['allow_headers']) - self.assertEqual(['GET', 'PUT', 'POST'], - app._latent_configuration['methods']) - class CORSRegularRequestTest(CORSTestBase): """CORS Specification Section 6.1 @@ -1261,112 +1238,3 @@ class CORSTestWildcard(CORSTestBase): allow_credentials='true', expose_headers=None, has_content_type=True) - - -class CORSTestLatentProperties(CORSTestBase): - """Test the CORS wildcard specification.""" - - def setUp(self): - super(CORSTestLatentProperties, self).setUp() - - fixture = self.config_fixture # Line length accommodation - fixture.load_raw_values(group='cors', - allowed_origin='http://default.example.com', - allow_credentials='True', - max_age='', - expose_headers='X-Configured', - allow_methods='GET', - allow_headers='X-Configured') - - # Now that the config is set up, create our application. - self.application = cors.CORS(test_application, self.config) - - def test_latent_methods(self): - """Assert that latent HTTP methods are permitted.""" - - self.application.set_latent(allow_headers=None, - expose_headers=None, - allow_methods=['POST']) - - request = webob.Request.blank('/') - request.method = "OPTIONS" - request.headers['Origin'] = 'http://default.example.com' - request.headers['Access-Control-Request-Method'] = 'POST' - response = request.get_response(self.application) - self.assertCORSResponse(response, - status='200 OK', - allow_origin='http://default.example.com', - max_age=None, - allow_methods='POST', - allow_headers='', - allow_credentials='true', - expose_headers=None) - - def test_invalid_latent_methods(self): - """Assert that passing a non-list is caught.""" - - self.assertRaises(TypeError, - self.application.set_latent, - allow_methods='POST') - - def test_latent_allow_headers(self): - """Assert that latent HTTP headers are permitted.""" - - self.application.set_latent(allow_headers=['X-Latent'], - expose_headers=None, - allow_methods=None) - - request = webob.Request.blank('/') - request.method = "OPTIONS" - request.headers['Origin'] = 'http://default.example.com' - request.headers['Access-Control-Request-Method'] = 'GET' - request.headers[ - 'Access-Control-Request-Headers'] = 'X-Latent,X-Configured' - response = request.get_response(self.application) - self.assertCORSResponse(response, - status='200 OK', - allow_origin='http://default.example.com', - max_age=None, - allow_methods='GET', - allow_headers='X-Latent,X-Configured', - allow_credentials='true', - expose_headers=None) - - def test_invalid_latent_allow_headers(self): - """Assert that passing a non-list is caught in allow headers.""" - - self.assertRaises(TypeError, - self.application.set_latent, - allow_headers='X-Latent') - - def test_latent_expose_headers(self): - """Assert that latent HTTP headers are exposed.""" - - self.application.set_latent(allow_headers=None, - expose_headers=[ - 'X-Server-Generated-Response'], - allow_methods=None) - - request = webob.Request.blank('/') - request.method = "GET" - request.headers['Origin'] = 'http://default.example.com' - response = request.get_response(self.application) - self.assertCORSResponse(response, - status='200 OK', - allow_origin='http://default.example.com', - max_age=None, - allow_methods=None, - allow_headers=None, - allow_credentials='true', - expose_headers='X-Configured,' - 'X-Server-Generated-Response', - has_content_type=True) - - def test_invalid_latent_expose_headers(self): - """Assert that passing a non-list is caught in expose headers.""" - - # Add headers to the application. - - self.assertRaises(TypeError, - self.application.set_latent, - expose_headers='X-Latent')