TL;DR for the below: +1 to what Nick said.
I think both sides here are valid... Yes, security issues are opened up with these technologies, and they are indeed rather new, but the use-case for wanting to access the files in this manner also definitely exists. Whatever solution is decided on, we should do it in a manner that allows someone installing OpenStack to entirely shut it off/not use it, OR to open it up to JSONP/CORS/whatever and have Tres' use-cases supported. The risk is up to the installer depending on their needs/use-cases. We should support them AND do a good job of educating them of the risks and rewards of using such technologies. It shouldn't be up to us to determine if it is theoretically a good idea or not, or if it is necessary, or if it could be done in a different way, or if their desire is off-base, but we should support the functionality in an intelligent manner and let the installer decide on what/how/why they want to use and install OpenStack…

John Postlethwait
Nebula, Inc.
206-999-4492

On Wednesday, April 25, 2012 at 10:01 AM, Jan Drake wrote:

> A little of both. Serving JS, et al from a CDN for a set of domain services
> is easy peasey stuff and we do it all the time... but we tend to do so with a
> common edge (at the very least in DNS space) that precludes the need for
> JSONP/CORS. I'm not sure if the use case here is:
>
> 1) JS client talking to multiple service providers hosting openstack, (seems
> low priority to me but potentially valid)
> 2) JS client talking to multiple openstack services within a single hosting
> provider (seems high priority to me)
>
> #2 is easy we do it all the time. #1 gets messy but I probably wouldn't just
> use a JS only mashup client to get the job done.
>
> Anyway, just thoughts... re maturity: our enterprise security folks have
> issues with using jsonp/cors and consider it contraindicated at the moment.
>
> Jan
>
> Subject: Re: [Openstack] Using Nova APIs from Javascript: possible?
> From: t...@treshenry.net
> Date: Wed, 25 Apr 2012 09:49:15 -0700
> CC: openstack@lists.launchpad.net
> To: jan_dr...@hotmail.com
>
> Jan: is the concern that you don't see the value in the use case or that you
> don't believe the proposed technologies are sufficiently mature?
>
> In order to keep the thread somewhat linear I'm basically going to +1 what
> Nick said and add that as an application developer I should be able to serve
> the JS, HTML and CSS for my application from a CDN and have my application
> talk directly to an OpenStack endpoint. This is an important scenario now but
> will become critical with the wave of PAAS offerings coming for OpenStack
> (i.e. my application should be able to talk directly to FathomDB running on
> OS).
>
> On Apr 25, 2012, at 3:46 AM, Nick Lothian wrote:
> > JSONP has been used for years - for example Solr has supported it since
> > 2008 (and possibly earlier). CORS matches the Openstack APIs better though.
> >
> > Redirects are unrelated to the problem as far as I can see.
> > I think that toolmakers trying to build Javascript tools that connect to
> > multiple service providers is a completely valid use case. It is supported
> > for pretty much any other language, why not Javascript?
> > On Apr 25, 2012 12:33 PM, "Jan Drake" <jan_dr...@hotmail.com> wrote:
> > > So, why such a focus on this? IMO both JSONP and CORS are way too early
> > > stage to adopt and the security risks outweigh the rewards. Usually, I
> > > see people doing this to enable mashups across separate providers.
> > >
> > > Just curious why the focus/need is perceived in the community? If this
> > > is really because of redirects then we probably have a broken model
> > > and/or improper distribution of responsibilities.
> > >
> > > Love to know if I'm missing a real use case. Can help fix model if it is
> > > broken.
> > > Have much experience in this area.
> > >
> > > IMO no solution should trick the browser.
> > >
> > > Jan
> > >
> > > On Apr 24, 2012, at 7:05 PM, Luis Gervaso <l...@woorea.es> wrote:
> > >
> > > > The solution until the webservice delivers those headers is:
> > > >
> > > > Solution 1:
> > > >
> > > > 1. Put the webservice behind a remote or local proxy
> > > > 2. Apply a filter (decorator) for each response with the CORS
> > > > headers (in the proxy) in order to trick the browser
> > > >
> > > > Solution 2:
> > > >
> > > > Some time ago I tested it with Chrome (disabling security) and it
> > > > worked for me
> > > >
> > > > Solution 3 (really dirty, but works):
> > > >
> > > > Embedded Flash Proxy
> > > >
> > > > On Wed, Apr 25, 2012 at 3:09 AM, Nick Lothian <nick.loth...@gmail.com> wrote:
> > > > > Yes, this will work if I know in advance what server I will be
> > > > > connecting to.
> > > > > However, it does remove the ability to support any cloud without
> > > > > intervention on the serverside.
> > > > > On Apr 25, 2012 2:46 AM, "Joel Semar" <sema...@gmail.com> wrote:
> > > > > > Nick,
> > > > > >
> > > > > > I know you said 'serverless clients' but you have to be serving the
> > > > > > js from somewhere right?
> > > > > >
> > > > > > If you are using nginx it can be as simple as:
> > > > > >
> > > > > > location /nova/ {
> > > > > > proxy_pass http://nova-api.trystack.org;
> > > > > > }
> > > > > >
> > > > > > then you can POST to yourserver/nova/v.02/. from the browser
> > > > > >
> > > > > > etc.
> > > > > > (it's just about as simple on apache but you'd have to look it up)
> > > > > >
> > > > > > But then I guess this won't work for you if you are writing some
> > > > > > distributable component/plugin/library.
> > > > > >
> > > > > > (sorry if you've already dismissed this option but I thought it
> > > > > > worth a shot since it has worked flawlessly for me in the past)
> > > > > >
> > > > > > On Tue, Apr 24, 2012 at 9:49 AM, Sandy Walsh
> > > > > > <sandy.wa...@rackspace.com> wrote:
> > > > > > >
> > > > > > > On 04/24/2012 11:19 AM, Nick Lothian wrote:
> > > > > > > > JSONP is great, but won't work with POST requests.
> > > > > > >
> > > > > > > Hmm, good point.
> > > > > > >
> > > > > > > > I don't quite understand what "Due to the redirect nature of the auth
> > > > > > > > system" means, though.
> > > > > > > >
> > > > > > > > If I use a custom Webkit browser & allow cross domain XMLHttpRequests it
> > > > > > > > works fine - I do a POST to /v2.0/tokens, get the token and then use
> > > > > > > > that. What am I missing?
> > > > > > >
> > > > > > > The Auth system will give you a token and then a new "management" url
> > > > > > > where the actual commands are issued (the real Nova API endpoint). These
> > > > > > > are often two different systems (domains), so cross-site requests are
> > > > > > > mandatory.
> > > > > > >
> > > > > > > -S
> > > > > > >
> > > > > > > > Nick
> > > > > > > >
> > > > > > > > On Tue, Apr 24, 2012 at 8:57 PM, Sandy Walsh
> > > > > > > > <sandy.wa...@rackspace.com> wrote:
> > > > > > > >
> > > > > > > > Due to the redirect nature of the auth system we may need JSONP support
> > > > > > > > for this to work.
> > > > > >
> > > > > > --
> > > > > > Cheers,
> > > > > >
> > > > > > Joel
> > > >
> > > > --
> > > > -------------------------------------------
> > > > Luis Alberto Gervaso Martin
> > > > Woorea Solutions, S.L
> > > > CEO & CTO
> > > > mobile: (+34) 627983344
> > > > luis@woorea.es
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
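
An added example, not from the thread or from OpenStack's code base: one way the installer-controlled switch discussed above (CORS entirely off, or opened up to chosen origins) could look as WSGI middleware. The class name, the sample origins and the `X-Auth-Token` entry in the allowed headers are assumptions for illustration.

```python
# Added example (not OpenStack code): opt-in CORS as WSGI middleware.
# Class name, origins and header lists are assumptions for illustration.

class CorsMiddleware:
    """Adds CORS headers only for origins the installer explicitly allowed."""

    def __init__(self, app, allowed_origins=(),
                 allowed_methods=("GET", "POST"),
                 allowed_headers=("Content-Type", "X-Auth-Token")):
        self.app = app
        # Empty allowlist (the default) means the feature is switched off.
        self.allowed_origins = frozenset(allowed_origins)
        self.allowed_methods = ", ".join(allowed_methods)
        self.allowed_headers = ", ".join(allowed_headers)

    def _cors_headers(self, environ):
        origin = environ.get("HTTP_ORIGIN")
        # Exact match only: no wildcard, no reflecting arbitrary origins.
        if origin is None or origin not in self.allowed_origins:
            return []
        return [("Access-Control-Allow-Origin", origin), ("Vary", "Origin")]

    def __call__(self, environ, start_response):
        cors = self._cors_headers(environ)
        preflight = (environ["REQUEST_METHOD"] == "OPTIONS"
                     and "HTTP_ACCESS_CONTROL_REQUEST_METHOD" in environ)
        if preflight and cors:
            # Answer the preflight here; the wrapped API is never invoked.
            cors += [("Access-Control-Allow-Methods", self.allowed_methods),
                     ("Access-Control-Allow-Headers", self.allowed_headers)]
            start_response("204 No Content", cors)
            return []

        # Any other request (including a preflight from an unlisted origin)
        # reaches the API; CORS headers are appended only if origin matched.
        def wrapped_start(status, headers, exc_info=None):
            return start_response(status, list(headers) + cors, exc_info)
        return self.app(environ, wrapped_start)


def demo_request(allowed_origins, method, origin, preflight_for=None):
    """Run one constructed request through the middleware; return (status, headers)."""
    def api(environ, start_response):  # stand-in for the wrapped API
        start_response("200 OK", [("Content-Type", "application/json")])
        return [b"{}"]
    environ = {"REQUEST_METHOD": method, "HTTP_ORIGIN": origin}
    if preflight_for:
        environ["HTTP_ACCESS_CONTROL_REQUEST_METHOD"] = preflight_for
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    CorsMiddleware(api, allowed_origins)(environ, start_response)
    return seen["status"], seen["headers"]
```

With the default empty allowlist the middleware adds nothing, so the browser's same-origin policy keeps blocking cross-origin reads exactly as it would without the middleware.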