Thanks for bringing this to our attention, Paul. It is extremely important to design our APIs to be as consumable as possible. I am personally more involved in Nova and Glance, but I would still love to try to fit these headers into each of their APIs. We are in the process of drafting new API specs for both right now (Glance v2 might actually be finalized), but I will work with you to see what we can do.
Thanks! Brian Waldon On Jan 6, 2012, at 3:26 PM, Paul Querna wrote: > Hello, > > I was wondering what people think about adding Cross-Origin Resource > Sharing Headers to all OpenStack APIs by default. > > Essentially, this would allow people to make pure frontend javascript > clients, which would could be hosted on domains different than the > API: > http://www.w3.org/TR/cors/ > > More examples of how to use this are here: > https://developer.mozilla.org/En/HTTP_access_control > > This boils down to a few changes in OpenStack implementations, mostly > it is when an OPTIONS request is sent to the APIs, respond with a 200, > and send something like following headers: > > Access-Control-Allow-Origin: * > Access-Control-Allow-Methods: GET, OPTIONS,POST,PUT,DELETE > Access-Control-Allow-Headers: X-Auth-Token > Access-Control-Max-Age: 1728000 > > This would especially be helpful when working against Keystone, as it > would let you make applications where the user is prompted for their > username & password, and then their token is fetched purely from > client side javascript. > > The only concern of course is potential security implications. > However, I've not been able to think of a viable threat model for any > OpenStack APIs at this time. > > Thoughts? > > Thanks, > > Paul > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
