diff --git a/etc/iotronic/iotronic.conf b/etc/iotronic/iotronic.conf index ebb77a1..b2cb670 100644 --- a/etc/iotronic/iotronic.conf +++ b/etc/iotronic/iotronic.conf @@ -53,28 +53,28 @@ project_domain_id= default auth_url = http://:35357 [cors] +# Indicate whether this resource may be shared with the domain +# received in the requests "origin" header. Format: +# "://[:]", no trailing slash. Example: +# https://horizon.example.com (list value) +#allowed_origin = -# Indicate whether this resource may be shared with the domain received in the -# requests "origin" header. Format: "://[:]", no trailing -# slash. Example: https://horizon.example.com (list value) -#allowed_origin = - -# Indicate that the actual request can include user credentials (boolean value) +# Indicate that the actual request can include user +# credentials (boolean value) #allow_credentials = true -# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple -# Headers. (list value) -#expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token +# Indicate which headers are safe to expose to the API. +# Defaults to HTTP Simple Headers. (list value) +#expose_headers = -# Maximum cache age of CORS preflight requests. (integer value) +# Maximum cache age of CORS preflight requests. (integer +# value) #max_age = 3600 -# Indicate which methods can be used during the actual request. (list value) -#allow_methods = GET,PUT,POST,DELETE,PATCH - -# Indicate which header field names may be used during the actual request. -# (list value) -#allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name - - +# Indicate which methods can be used during the actual +# request. (list value) +#allow_methods = OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,PATCH +# Indicate which header field names may be used during the +# actual request. (list value) +#allow_headers = \ No newline at end of file 
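Review bot: The commented defaults in `[cors]` no longer agree with what `iotronic/api/app.py` sets in this same commit. The sample now shows `#allow_methods = OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,PATCH` and an empty `#expose_headers =`, while `setup_app` passes `allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH']` and the three version headers to `set_defaults`. One of the two is misleading: an operator auditing the CORS policy from this file would conclude either that TRACE and OPTIONS are allowed by default or that no headers are exposed. Regenerate the sample with the project defaults applied, or add a comment such as `# Values shown are the library defaults; Iotronic overrides allow_methods and expose_headers in iotronic/api/app.py.` The file also now ends without a trailing newline (`\ No newline at end of file`).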
diff --git a/iotronic/api/app.py b/iotronic/api/app.py index ac6d0d9..4c7dc54 100644 --- a/iotronic/api/app.py +++ b/iotronic/api/app.py @@ -95,6 +95,20 @@ def get_pecan_config(): return pecan.configuration.conf_from_file(filename) +class IotronicCORS(cors_middleware.CORS): + """Iotronic-specific CORS class + We're adding the Iotronic-specific version headers to the list of simple + headers in order that a request bearing those headers might be accepted by + the Iotronic REST API. + """ + simple_headers = cors_middleware.CORS.simple_headers + [ + 'X-Auth-Token', + base.Version.max_string, + base.Version.min_string, + base.Version.string + ] + + def setup_app(config=None): app_hooks = [hooks.ConfigHook(), @@ -121,10 +135,8 @@ def setup_app(config=None): # Create a CORS wrapper, and attach iotronic-specific defaults that must be # included in all CORS responses. - app = cors_middleware.CORS(app, CONF) + app = IotronicCORS(app, CONF) cors_middleware.set_defaults( - allow_headers=[base.Version.max_string, base.Version.min_string, - base.Version.string], allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'], expose_headers=[base.Version.max_string, base.Version.min_string, base.Version.string]
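Review bot: The `IotronicCORS` docstring (hunk `@@ -95,6 +95,20 @@`) mentions only the version headers, but `simple_headers` also gains `'X-Auth-Token'`, which is the entry a reader auditing the CORS policy most needs to know about. Because it is added as a class attribute rather than through `allow_headers`, it presumably cannot be narrowed from the `[cors]` config section; this depends on how `cors_middleware.CORS` consumes `simple_headers`, which is not visible here. I would state that in the docstring, with a summary line like `"""CORS middleware that always accepts Iotronic's auth and version headers."""` followed by a sentence saying these headers are accepted regardless of the configured `allow_headers`. The current summary line also lacks a trailing period and the blank line before the body that PEP 257 asks for.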
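Review bot: In `setup_app` (hunk `@@ -121,10 +135,8 @@`), `cors_middleware.set_defaults(...)` still runs after `app = IotronicCORS(app, CONF)` has been constructed. If the middleware reads the `[cors]` options in its constructor, the `allow_methods` and `expose_headers` defaults never reach the instance that wraps the app, and the effective policy is whatever the library defaults are. The library code is not on this page, so this needs confirming, but the safe ordering is to call `cors_middleware.set_defaults(...)` first and only then `app = IotronicCORS(app, CONF)`. The comment above should then read `# Set iotronic-specific CORS defaults, then create the CORS wrapper.` The `set_defaults(` call closes outside the hunk, and `setup_app` itself starts and ends outside it.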