yahoo-eng-team team mailing list archive

[Ben Nemec <openstack@xxxxxxxxxxxx>]

It looks to me like this is set on a per-project basis.  oslo.middleware
doesn't have any default headers:
https://github.com/openstack/oslo.middleware/blob/2c557312519cd368c50eaaa5448049da19cc6281/oslo_middleware/cors.py#L50

A quick search suggests that the accepted headers are being set in
Glance itself:
https://github.com/openstack/glance/blob/8a2d1542348e8aaaee163ba629fd37c534d469d9/glance/common/config.py#L851
I think that's where this would need to be changed.

** Also affects: glance
   Importance: Undecided
       Status: New

** Changed in: oslo.middleware
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1680062

Title:
  CORS allow headers broken with Safari

Status in Glance:
  New
Status in oslo.middleware:
  Invalid

Bug description:
  I'm seeing Glance images failing to upload via Horizon with CORS because:
  2017-04-05 07:07:33.103 7034 DEBUG oslo_middleware.cors [-] Request header 'origin' not in permitted list: ['CONTENT-MD5', 'X-IMAGE-META-CHECKSUM', 'X-STORAGE-TOKEN', 'ACCEPT-ENCODING', 'X-AUTH-TOKEN', 'X-IDENTITY-STATUS', 'X-ROLES', 'X-SERVICE-CATALOG', 'X-USER-ID', 'X-TENANT-ID', 'X-OPENSTACK-REQUEST-ID', 'ACCEPT', 'ACCEPT-LANGUAGE', 'CONTENT-TYPE', 'CACHE-CONTROL', 'CONTENT-LANGUAGE', 'EXPIRES', 'LAST-MODIFIED', 'PRAGMA'] _apply_cors_preflight_headers /openstack/venvs/glance-14.1.0/lib/python2.7/site-packages/oslo_middleware/cors.py:381

  The request headers Safari is sending are:
  Access-Control-Request-Headers	accept, content-type, origin, x-auth-token

  
  The same upload works fine in Chrome, where the request headers are:
  Access-Control-Request-Headers: content-type,x-auth-token

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1680062/+subscriptions