diff --git a/etc/barbican/barbican-api-paste.ini b/etc/barbican/barbican-api-paste.ini index 9189ecbdc..842ed2146 100644 --- a/etc/barbican/barbican-api-paste.ini +++ b/etc/barbican/barbican-api-paste.ini @@ -5,21 +5,21 @@ use = egg:Paste#urlmap # Use this pipeline for Barbican API - versions no authentication [pipeline:barbican_version] -pipeline = versionapp +pipeline = cors versionapp # Use this pipeline for Barbican API - DEFAULT no authentication [pipeline:barbican_api] -pipeline = unauthenticated-context apiapp +pipeline = cors unauthenticated-context apiapp #pipeline = keystone_authtoken context apiapp #Use this pipeline to activate a repoze.profile middleware and HTTP port, # to provide profiling information for the REST API processing. [pipeline:barbican-profile] -pipeline = unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions profile apiapp +pipeline = cors unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions profile apiapp #Use this pipeline for keystone auth [pipeline:barbican-api-keystone] -pipeline = keystone_authtoken context apiapp +pipeline = cors keystone_authtoken context apiapp #Use this pipeline for keystone auth with audit feature [pipeline:barbican-api-keystone-audit] @@ -68,3 +68,10 @@ discard_first_request = true path = /__profile__ flush_at_shutdown = true unwind = false + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = barbican +latent_allow_headers = X-Auth-Token, X-Openstack-Request-Id, X-Project-Id, X-Identity-Status, X-User-Id, X-Storage-Token, X-Domain-Id, X-User-Domain-Id, X-Project-Domain-Id, X-Roles +latent_expose_headers = X-Auth-Token, X-Openstack-Request-Id, X-Project-Id, X-Identity-Status, X-User-Id, X-Storage-Token, X-Domain-Id, X-User-Domain-Id, X-Project-Domain-Id, X-Roles +latent_allow_methods = GET, PUT, POST, DELETE, PATCH diff --git a/etc/barbican/barbican.conf b/etc/barbican/barbican.conf index 80c48cbe7..89e99133d 100644 --- a/etc/barbican/barbican.conf +++ b/etc/barbican/barbican.conf @@ -320,3 +320,62 @@ ca_cert_key_path = /etc/barbican/snakeoil-ca.key ca_cert_chain_path = /etc/barbican/snakeoil-ca.chain ca_cert_pkcs7_path = /etc/barbican/snakeoil-ca.p7b subca_cert_key_directory=/etc/barbican/snakeoil-cas + +[cors] + +# +# From oslo.middleware.cors +# + +# Indicate whether this resource may be shared with the domain +# received in the requests "origin" header. (list value) +#allowed_origin = + +# Indicate that the actual request can include user credentials +# (boolean value) +#allow_credentials = true + +# Indicate which headers are safe to expose to the API. Defaults to +# HTTP Simple Headers. (list value) +#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma + +# Maximum cache age of CORS preflight requests. (integer value) +#max_age = 3600 + +# Indicate which methods can be used during the actual request. (list +# value) +#allow_methods = GET,POST,PUT,DELETE,OPTIONS + +# Indicate which header field names may be used during the actual +# request. (list value) +#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma + + +[cors.subdomain] + +# +# From oslo.middleware.cors +# + +# Indicate whether this resource may be shared with the domain +# received in the requests "origin" header. (list value) +#allowed_origin = + +# Indicate that the actual request can include user credentials +# (boolean value) +#allow_credentials = true + +# Indicate which headers are safe to expose to the API. Defaults to +# HTTP Simple Headers. (list value) +#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma + +# Maximum cache age of CORS preflight requests. (integer value) +#max_age = 3600 + +# Indicate which methods can be used during the actual request. (list +# value) +#allow_methods = GET,POST,PUT,DELETE,OPTIONS + +# Indicate which header field names may be used during the actual +# request. (list value) +#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma diff --git a/requirements.txt b/requirements.txt index 39f6d184f..94d188540 100644 --- a/requirements.txt +++ b/requirements.txt @@ -12,6 +12,7 @@ oslo.config>=3.4.0 # Apache-2.0 oslo.context>=0.2.0 # Apache-2.0 oslo.i18n>=2.1.0 # Apache-2.0 oslo.messaging>=4.0.0 # Apache-2.0 +oslo.middleware>=3.0.0 # Apache-2.0 oslo.log>=1.14.0 # Apache-2.0 oslo.policy>=0.5.0 # Apache-2.0 oslo.serialization>=1.10.0 # Apache-2.0