It looks to me like this is set on a per-project basis. oslo.middleware doesn't have any default headers: https://github.com/openstack/oslo.middleware/blob/2c557312519cd368c50eaaa5448049da19cc6281/oslo_middleware/cors.py#L50
A quick search suggests that the accepted headers are being set in Glance itself: https://github.com/openstack/glance/blob/8a2d1542348e8aaaee163ba629fd37c534d469d9/glance/common/config.py#L851 I think that's where this would need to be changed. ** Also affects: glance Importance: Undecided Status: New ** Changed in: oslo.middleware Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1680062 Title: CORS allow headers broken with Safari Status in Glance: New Status in oslo.middleware: Invalid Bug description: I'm seeing Glance images failing to upload via Horizon with CORS because: 2017-04-05 07:07:33.103 7034 DEBUG oslo_middleware.cors [-] Request header 'origin' not in permitted list: ['CONTENT-MD5', 'X-IMAGE-META-CHECKSUM', 'X-STORAGE-TOKEN', 'ACCEPT-ENCODING', 'X-AUTH-TOKEN', 'X-IDENTITY-STATUS', 'X-ROLES', 'X-SERVICE-CATALOG', 'X-USER-ID', 'X-TENANT-ID', 'X-OPENSTACK-REQUEST-ID', 'ACCEPT', 'ACCEPT-LANGUAGE', 'CONTENT-TYPE', 'CACHE-CONTROL', 'CONTENT-LANGUAGE', 'EXPIRES', 'LAST-MODIFIED', 'PRAGMA'] _apply_cors_preflight_headers /openstack/venvs/glance-14.1.0/lib/python2.7/site-packages/oslo_middleware/cors.py:381 The request headers Safari is sending are: Access-Control-Request-Headers accept, content-type, origin, x-auth-token The same upload works fine in Chrome, where the request headers are: Access-Control-Request-Headers: content-type,x-auth-token To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1680062/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
