Merge "Add ability to configure cross-origin requests"

defaults/main.yml

@@ -180,6 +180,8 @@ glance_keystone_auth_plugin: password
 ## Glance config
 glance_image_cache_max_size: 10737418240
 
+# CORS options
+glance_cors_allowed_origin: "{{ (glance_show_multiple_locations | bool) | ternary(external_lb_vip_address, None) }}"
 # If ``glance_api_workers`` is unset the system will use half the number of available VCPUS to
 # compute the number of api workers to use.
 # glance_api_workers: 16

releasenotes/notes/add-cors-config-6326223fe7fa7423.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - It is possible to configure Glance to allow cross origin requests by
+    specifying the allowed origin address using the ``glance_cors_allowed_origin``
+    variable. By default, this will be the load balancer address.

templates/glance-api.conf.j2

@@ -116,3 +116,10 @@ enabled = {{ glance_profiler_enabled }}
 [oslo_middleware]
 enable_proxy_headers_parsing = True
 {% endif %}
+
+{% if glance_cors_allowed_origin is not none %}
+[cors]
+allow_headers = origin,content-md5,x-image-meta-checksum,x-storage-token,accept-encoding,x-auth-token,x-identity-status,x-roles,x-service-catalog,x-user-id,x-tenant-id,x-openstack-request-id
+allow_methods = GET,POST,PUT,PATCH,DELETE
+allowed_origin = {{ glance_cors_allowed_origin }}
+{% endif %}