openstack team mailing list archive

Re: Using Nova APIs from Javascript: possible?

 

Adam, in what way should the OS API support server-less clients? AFAIK the options are CORS or JSONP, no?
 
On Apr 23, 2012, at 5:50 AM, Adam Young wrote:

> I see this as a feature, not a drawback. The inability to access portions of the HTTP protocol is there to defend against attacks such as cross site request forgeries. If we suppress that mechanism, we open up a lot of security holes.
> 
> 
> On 04/23/2012 06:09 AM, Adrian Smith wrote:
>> The authentication request returns X-Storage-Url and X-Auth-Token
>> headers. For the JS client to see them they need to be referenced in
>> Access-Control-Expose-Headers. As of the last time I checked, both these
>> headers were being stripped from the response before being presented
>> to JS.
>> 
>> Adrian
>> 
>> 
>> On 23 April 2012 10:35, Nick Lothian <nick.lothian@xxxxxxxxx> wrote:
>>> Hi Adrian,
>>> 
>>> Good to know this is a known issue.
>>> 
>>> Why does the client need to see custom headers from the server anyway?
>>> I know the client needs to pass the authorisation header to the server, but
>>> I haven't seen any of the APIs yet that return custom headers. (It's likely
>>> I'm missing them though)
>>> 
>>> Nick
>>> 
>>> On Apr 23, 2012 5:40 PM, "Adrian Smith" <adrian@xxxxxxxx> wrote:
>>>> Hi Nick,
>>>> 
>>>> I did some work with CORS a few months back [1].
>>>> 
>>>> At the time I couldn't get any browser to work properly with CORS so I
>>>> just parked the code. The problem was lack of support for the
>>>> Access-Control-Expose-Headers header.
>>>> 
>>>> According to the Chrome bug report [2] this issue may well be fixed
>>>> now so I need to retest.
>>>> 
>>>> Adrian
>>>> 
>>>> [1] http://www.mail-archive.com/openstack@xxxxxxxxxxxxxxxxxxx/msg07219.html
>>>> [2] http://code.google.com/p/chromium/issues/detail?id=87338
>>>> 
>>>> 
>>>> On 23 April 2012 06:19, Nick Lothian <nick.lothian@xxxxxxxxx> wrote:
>>>>> Hi,
>>>>> 
>>>>> I've been playing with the Nova APIs from Javascript, and I've run into
>>>>> a problem.
>>>>> 
>>>>> The very first thing one needs to do to use the APIs is to get a token.
>>>>> 
>>>>> That requires a POST to the API endpoint. Using curl & trystack that
>>>>> looks like this:
>>>>> 
>>>>> $ curl -k -X 'POST' -v https://nova-api.trystack.org:5443/v2.0/tokens \
>>>>>     -d '{"auth":{"passwordCredentials":{"username": "<username>", "password":"<password>"}}}' \
>>>>>     -H 'Content-type: application/json'
>>>>> 
>>>>> 
>>>>> The Javascript equivalent (using JQuery) is:
>>>>> 
>>>>>     $.ajax({
>>>>>         url: "https://nova-api.trystack.org:5443/v2.0/tokens",
>>>>>         type: 'POST',
>>>>>         headers: {"Content-Type": "application/json"},
>>>>>         // Serialise the body so it is sent as JSON, matching the Content-Type
>>>>>         data: JSON.stringify({"auth":{"passwordCredentials":{"username":"<username>",
>>>>>             "password":"<password>"}}}),
>>>>>         success: function(data) { alert(data); }
>>>>>     });
>>>>> 
>>>>> That fails because the call is cross-domain, and Nova doesn't support
>>>>> CORS (http://en.wikipedia.org/wiki/Cross-origin_resource_sharing).
>>>>> <script> based cross-domain requests only support GET requests, so that
>>>>> doesn't work either.
>>>>> 
>>>>> I have raised a bug: https://bugs.launchpad.net/nova/+bug/987044, but
>>>>> I'm really hoping someone can point out something obvious I'm missing here.
>>>>> 
>>>>> Regards
>>>>>   Nick Lothian
>>>>> 
>>>>> _______________________________________________
>>>>> Mailing list: https://launchpad.net/~openstack
>>>>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>>>>> Unsubscribe : https://launchpad.net/~openstack
>>>>> More help   : https://help.launchpad.net/ListHelp
>>>>> 

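Added example, not part of the original thread or of any OpenStack code: a simplified JavaScript model of the browser-side CORS checks the messages above discuss, showing why the JSON token POST is preflighted and why X-Auth-Token and X-Storage-Url stay hidden from script unless the server lists them in Access-Control-Expose-Headers. The function names, the origin https://dashboard.example and the header values are assumptions made for illustration.

```javascript
// Simplified model of the browser's CORS checks (Fetch standard). Wildcards in
// Allow-Methods/Allow-Headers and credentialed requests are left out.
const SAFE_RESPONSE_HEADERS = ["cache-control", "content-language", "content-length",
  "content-type", "expires", "last-modified", "pragma"];
const SAFE_METHODS = ["GET", "HEAD", "POST"];
const SAFE_REQUEST_HEADERS = ["accept", "accept-language", "content-language"];
const SAFE_CONTENT_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];
const lower = (h) => Object.fromEntries(Object.entries(h).map(([k, v]) => [k.toLowerCase(), String(v)]));
const tokens = (v) => (v || "").split(",").map((t) => t.trim().toLowerCase()).filter(Boolean);

// Request header names that force a preflight and must appear in Access-Control-Allow-Headers.
function unsafeRequestHeaders(reqHeaders) {
  const h = lower(reqHeaders);
  return Object.keys(h).filter((name) => name === "content-type"
    ? !SAFE_CONTENT_TYPES.includes(h[name].split(";")[0].trim().toLowerCase())
    : !SAFE_REQUEST_HEADERS.includes(name));
}
const needsPreflight = (method, reqHeaders) =>
  !SAFE_METHODS.includes(method.toUpperCase()) || unsafeRequestHeaders(reqHeaders).length > 0;

function originAllowed(origin, resHeaders) {
  const allow = lower(resHeaders)["access-control-allow-origin"];
  return allow === "*" || allow === origin;
}

// Would the OPTIONS (preflight) response let the real request be sent?
function preflightPasses(origin, method, reqHeaders, preflightRes) {
  const res = lower(preflightRes);
  const m = method.toUpperCase();
  const methodOk = SAFE_METHODS.includes(m) ||
    tokens(res["access-control-allow-methods"]).includes(m.toLowerCase());
  const allowed = tokens(res["access-control-allow-headers"]);
  return originAllowed(origin, res) && methodOk &&
    unsafeRequestHeaders(reqHeaders).every((name) => allowed.includes(name));
}

// Response header names script may read; null when the response is withheld entirely.
function readableHeaders(origin, resHeaders) {
  const res = lower(resHeaders);
  if (!originAllowed(origin, res)) return null;
  const exposed = tokens(res["access-control-expose-headers"]);
  return Object.keys(res).filter((n) => SAFE_RESPONSE_HEADERS.includes(n) || exposed.includes(n)).sort();
}

// Constructed sample: a token response like the one in the thread, without and with Expose-Headers.
const ORIGIN = "https://dashboard.example"; // hypothetical client origin
const tokenResponse = { "Access-Control-Allow-Origin": ORIGIN, "Content-Type": "application/json",
  "X-Auth-Token": "<token>", "X-Storage-Url": "<storage-url>" };
const exposedResponse = { ...tokenResponse, "Access-Control-Expose-Headers": "X-Auth-Token, X-Storage-Url" };
console.log(readableHeaders(ORIGIN, tokenResponse), readableHeaders(ORIGIN, exposedResponse));
```

Echoing one specific allowed origin, as the sample response does, keeps the same-origin protection in place for every other site.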