| Thread Previous • Date Previous • Date Next • Thread Next |
On 04/24/2012 10:19 AM, Nick Lothian wrote:
JSONP is great, but won't work with POST requests.I don't quite understand what "Due to the redirect nature of the auth system" means, though.
Sorry, I am working on a few things that are related. OpenID and various other systems have issues along these lines that are due to the fact that they are done with redirects. UI'll try to be clearer in the future.
That actually works fine because the token is not in the header when it comes from Keystone. However, if you were to post toa web app that then needed to make your browser post to a remote system (which is where the same origin policy comes in to play) you need to set that Auth token into a custom header, and Javascript is forbidden to do that. Yes, the Javascript can say "post to glance" or some other openstack API server, but it can't set the X auth header with the token from Keystone in order to make the call authenticated.
NickOn Tue, Apr 24, 2012 at 8:57 PM, Sandy Walsh <sandy.walsh@xxxxxxxxxxxxx <mailto:sandy.walsh@xxxxxxxxxxxxx>> wrote:Due to the redirect nature of the auth system we may need JSONP support for this to work. _______________________________________________ Mailing list: https://launchpad.net/~openstack <https://launchpad.net/%7Eopenstack> Post to : openstack@xxxxxxxxxxxxxxxxxxx <mailto:openstack@xxxxxxxxxxxxxxxxxxx> Unsubscribe : https://launchpad.net/~openstack <https://launchpad.net/%7Eopenstack> More help : https://help.launchpad.net/ListHelp _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@xxxxxxxxxxxxxxxxxxx Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
| Thread Previous • Date Previous • Date Next • Thread Next |
