Re: [Openstack] Using Nova APIs from Javascript: possible?

Due to problems people are facing with CORS we've already included further description and a video of how the JavaScript portal can be used. We'll work with the fantastic people from StackOps on the implementation of a basic HTTP proxy which could be used until we find a solution to implement CORS

Re: [Openstack] Using Nova APIs from Javascript: possible?

I'm testing out the existing JStack code at the moment. It's been enjoyable process so far. On Apr 30, 2012 7:30 PM, "javier cerviño" wrote: > Hi Adrian, > > I've just seen you submitted your Swift-based CORS implementation to > Gerrit. Would you mind if we do the same for Nova, Keystone and Gl

Re: [Openstack] Using Nova APIs from Javascript: possible?

I have no issue with you submitting your code Javier. As you say though, it might be worth waiting until it's accepted into Swift so you can take advantage of suggestions. Adrian 2012/4/30 javier cerviño > Hi Adrian, > > I've just seen you submitted your Swift-based CORS implementation to > Ger

Re: [Openstack] Using Nova APIs from Javascript: possible?

Hi Adrian, I've just seen you submitted your Swift-based CORS implementation to Gerrit. Would you mind if we do the same for Nova, Keystone and Glance? On the other hand, it could be better to wait for its approval because we could apply changes proposed by the reviewers to the rest of components.

Re: [Openstack] Using Nova APIs from Javascript: possible?

Hi! We have just published the code of the portal in Github. You can find it in https://github.com/ging/horizon-js. It will only work with Keystone and Nova if they have CORS implemented. Adrian, we didn't make big changes in your code, only logger classes and a little problem we found with PUT r

Re: [Openstack] Using Nova APIs from Javascript: possible?

I'd be really interested to hear how you go on with the CORS middleware Javier. Did it work as-is or did you have to modify it? Was there much effort involved in using it with Nova? >From your experience it sounds like there's decent CORS support in browsers now so it's probably time to submit thi

Re: [Openstack] Using Nova APIs from Javascript: possible?

Awesome Javier Anxiously waiting for a meeting with you guys to see your progress! Cheers Diego -- Diego Parrilla *CEO* *www.stackops.com | * diego.parri...@stackops.com** | +34 649 94 43 29 | skype:diegoparrilla* * * * On Thu, Apr 26

Re: [Openstack] Using Nova APIs from Javascript: possible?

Interesting! Nice job on jstack! On Apr 26, 2012, at 12:50 AM, javier cerviño wrote: > Hi all, > > I'm glad to hear that there's a lot of interest in the implementation > of Openstack JavaScript clients. Actually, in my group we're > developing a "single page" application developed entirely in >

Re: [Openstack] Using Nova APIs from Javascript: possible?

Excellent, thanks for that information Javier. It's good to know I'm not the only person doing this. On Apr 26, 2012 5:20 PM, "javier cerviño" wrote: > Hi all, > > I'm glad to hear that there's a lot of interest in the implementation > of Openstack JavaScript clients. Actually, in my group we're

Re: [Openstack] Using Nova APIs from Javascript: possible?

Hi all, I'm glad to hear that there's a lot of interest in the implementation of Openstack JavaScript clients. Actually, in my group we're developing a "single page" application developed entirely in JavaScript, that widely supports Nova and Keystone APIs. This work is part of a European Project

Re: [Openstack] Using Nova APIs from Javascript: possible?

On Thu, Apr 26, 2012 at 5:49 AM, Adam Young wrote: > Let me try to summarize: > > 1. If you are running from a web browser, post requests to hosts or > ports other than the origin are allowed, but the headers cannot be > modified. This prevents the addition of the token from Keystone to provi

Re: [Openstack] Using Nova APIs from Javascript: possible?

On Wed, 2012-04-25 at 16:19 -0400, Adam Young wrote: > Kerberos is designed to solve this problem. It has the benefit of being > integrated into the browser. Where Kerberos fails is that: typically > it only allows a single authentication provider (KDC in Kerberso speak) > and it does not wor

Re: [Openstack] Using Nova APIs from Javascript: possible?

Let me try to summarize: 1. If you are running from a web browser, post requests to hosts or ports other than the origin are allowed, but the headers cannot be modified. This prevents the addition of the token from Keystone to provide single sign on. 2. There are various browser side te

Re: [Openstack] Using Nova APIs from Javascript: possible?

only mashup client to get the job done. > > Anyway, just thoughts... re maturity: our enterprise security folks have > issues with using jsonp/cors and consider it contraindicated at the moment. > > > > Jan > > > Subject: Re: [Openstack] Using Nova

Re: [Openstack] Using Nova APIs from Javascript: possible?

x27;t just use a JS only mashup client to get the job done. Anyway, just thoughts... re maturity: our enterprise security folks have issues with using jsonp/cors and consider it contraindicated at the moment. Jan Subject: Re: [Openstack] Using Nova APIs from Javascript: possibl

Re: [Openstack] Using Nova APIs from Javascript: possible?

Jan: is the concern that you don't see the value in the use case or that you don't believe the proposed technologies are sufficiently mature? In order to keep the thread somewhat linear I'm basically going to +1 what Nick said and add that as an application developer I should be able to serve th

Re: [Openstack] Using Nova APIs from Javascript: possible?

JSONP has been used for years - for example Solr has supported it since 2008 (and possibly earlier). CORS matches the Openstack APIs better though. Redirects are unrelated to the problem as far as I can see. I think that toolmakers trying to build Javascript tools that connect to multiple service

Re: [Openstack] Using Nova APIs from Javascript: possible?

So, why such a focus on this? IMO both JSONP and CORS are way too early stage to adopt and the security risks outweigh the rewards. Usually, I see people doing this to enable mashups across separate providers. Just curious why the focus/need is perceived in the community? If this is really b

Re: [Openstack] Using Nova APIs from Javascript: possible?

The solution until the webservice deliver that headers is: Solution 1: 1. Put the webservice behind a remote or local proxy 2. Apply some a filter (decorator) for each response with the CORS headers (in the proxy) in order to trick the browser Solution 2: Some time ago I tested it with Chrome (

Re: [Openstack] Using Nova APIs from Javascript: possible?

Yes, this will work if I know in advance what server I will be connecting too. However, it does remove the ability to support any cloud without intervention on the serverside. On Apr 25, 2012 2:46 AM, "Joel Semar" wrote: > Nick, > > I know you said 'serverless clients' but you have to be serving

Re: [Openstack] Using Nova APIs from Javascript: possible?

I actually like JSONP, but supporting it would be quite a substantial change to the APIs Adding CORS support is a relatively small change, and probably a more "technically correct" solution. It does have less browser support though. On Apr 25, 2012 4:01 AM, "Tres Henry" wrote: > Jsonp sucks (g

Re: [Openstack] Using Nova APIs from Javascript: possible?

Javascript *can* set custom headers, but only by using XMLHttpRequest. That cannot work cross-domain unless the appropriate CORS headers are set. Hence this issue :) On Apr 25, 2012 12:21 AM, "Adam Young" wrote: > On 04/24/2012 10:19 AM, Nick Lothian wrote: > > JSONP is great, but won't work wi

Re: [Openstack] Using Nova APIs from Javascript: possible?

The JS may be served from a CDN. You can't assume a server-side proxy. Here's an example of a sever-less JS application that communicates directly to EC2: http://aws.amazon.com/developertools/1424 (there are versions for other services like SQS and SDB as well). Server-less JS applications are a

Re: [Openstack] Using Nova APIs from Javascript: possible?

Jsonp sucks (get only) but might be the best choice. That's generally how AWS supports these use cases, fwiw. On Apr 24, 2012, at 7:49 AM, Sandy Walsh wrote: > > > On 04/24/2012 11:19 AM, Nick Lothian wrote: >> JSONP is great, but won't work with POST requests. > > Hmm, good point. > >> I

Re: [Openstack] Using Nova APIs from Javascript: possible?

Nick, I know you said 'serverless clients' but you have to be serving the js from somewhere right? If you are using nginx it can be as simple as: location /nova/ { proxy_pass: http://nova-api.trystack.org; } then you can POST to yourserver/nova/v.02/. from the browser etc. (it's just about

Re: [Openstack] Using Nova APIs from Javascript: possible?

On 04/24/2012 11:19 AM, Nick Lothian wrote: > JSONP is great, but won't work with POST requests. Hmm, good point. > I don't quite understand what "Due to the redirect nature of the auth > system" means, though. > > If I use a custom Webkit browser & allow cross domain XMLHttpRequests it > wor

Re: [Openstack] Using Nova APIs from Javascript: possible?

On 04/24/2012 10:19 AM, Nick Lothian wrote: JSONP is great, but won't work with POST requests. I don't quite understand what "Due to the redirect nature of the auth system" means, though. Sorry, I am working on a few things that are related. OpenID and various other systems have issues alon

Re: [Openstack] Using Nova APIs from Javascript: possible?

I was trying to write a pure Javascript client hosted on a different domain. As you mentioned earlier JSONP is a potential solution, but it will not work with POST requests. Cross-site forgery issues need to be thought through carefully. I don't believe they are insurmountable though - it isn't li

Re: [Openstack] Using Nova APIs from Javascript: possible?

JSONP is great, but won't work with POST requests. I don't quite understand what "Due to the redirect nature of the auth system" means, though. If I use a custom Webkit browser & allow cross domain XMLHttpRequests it works fine - I do a POST to /v2.0/tokens, get the token and then use that. What

Re: [Openstack] Using Nova APIs from Javascript: possible?

Due to the redirect nature of the auth system we may need JSONP support for this to work. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https:

Re: [Openstack] Using Nova APIs from Javascript: possible?

Sorry, meant to say "server-less client applications". The OP is trying to create a client-side JS application that communicates directly to an OS endpoint (specifically trystack). I believe his problem is same origin policy, not authentication. On Apr 23, 2012, at 12:33 PM, Adam Young wrote:

Re: [Openstack] Using Nova APIs from Javascript: possible?

On 04/23/2012 01:13 PM, Tres Henry wrote: Adam, in what way should the OS API support server-less clients? AFAIK the options are CORS or JSONP, no? I am not quite sure what you mean by serverless clients, but I think the answer to this is getting a real Single Sign On solution, which is ba

Re: [Openstack] Using Nova APIs from Javascript: possible?

Adam, in what way should the OS API support server-less clients? AFAIK the options are CORS or JSONP, no? On Apr 23, 2012, at 5:50 AM, Adam Young wrote: > I see this as a feature, not a drawback.The inability to access portions > of the HTTP protocol is there to defend against attacks suc

Re: [Openstack] Using Nova APIs from Javascript: possible?

I see this as a feature, not a drawback.The inability to access portions of the HTTP protocol is there to defend against attacks such as cross site request forgeries. If we suppress that mechanism, we open up a lot of security holes. On 04/23/2012 06:09 AM, Adrian Smith wrote: The auth

Re: [Openstack] Using Nova APIs from Javascript: possible?

This is for Swift of course. But I guess there are similar headers for Nova. On 23 April 2012 11:09, Adrian Smith wrote: > The authentication request returns X-Storage-Url and X-Auth-Token > headers. For the JS client to see them they need to be referenced in > Access-Control-Expose-Headers. As o

Re: [Openstack] Using Nova APIs from Javascript: possible?

The authentication request returns X-Storage-Url and X-Auth-Token headers. For the JS client to see them they need to be referenced in Access-Control-Expose-Headers. As of the last time checked, both these headers were being stripped from the response before being presented to JS. Adrian On 23 A

Re: [Openstack] Using Nova APIs from Javascript: possible?

Hi Adrian, Good to know this is a known issue. Why does the client need to see custom headers from the server anyway? I know the client needs to pass the authorisation header to the server, but I haven't seen any of the APIs yet that return custom headers. (It's likely I'm missing them though) N

Re: [Openstack] Using Nova APIs from Javascript: possible?

Hi Nick, I did some work with CORS a few months back [1]. At the time I couldn't get any browser to work properly with CORS so I just parked the code. The problem was lack of support for the Access-Control-Expose-Headers header. According to the Chrome bug report [2] this issue may well be fixed