<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jan 21, 2020 at 5:37 AM Radosław Piliszek <<a href="mailto:radoslaw.piliszek@gmail.com">radoslaw.piliszek@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi, Michael!<br>
<br>
Thanks for your interest. I was also surprised that it does not work.<br>
It looks simple enough to not break...<br>
<br>
Since I wrote the email, I did more research on how to tackle this problem.<br>
For now I posted a bug to devstack that CORS is out of reach with pure<br>
devstack [1].<br></blockquote><div><br></div><div>that sounds like a good first step.</div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Only keystone and placement can be configured to use mod_wsgi, others<br>
default to uwsgi (or eventlet, to be precise, but these are<br>
irrelevant).<br>
It's really either hacking browsers or hacking apache config to<br>
include relevant CORS headers.<br>
<br></blockquote><div><br></div><div>this is something that i think we need to know though, because if uWSGI has broken CORS support then we need to fix it or start advising against its usage.</div><div><br></div><div>peace o/</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
[1] <a href="https://bugs.launchpad.net/devstack/+bug/1860287" rel="noreferrer" target="_blank">https://bugs.launchpad.net/devstack/+bug/1860287</a><br>
<br>
-yoctozepto<br>
<br>
wt., 21 sty 2020 o 10:00 Michael McCune <<a href="mailto:elmiko@redhat.com" target="_blank">elmiko@redhat.com</a>> napisał(a):<br>
><br>
> hi Radoslaw,<br>
><br>
> i am also curious about this because i had thought we had CORS issued solved for uWSGI in the past, i will need to look around to find the conversations i was having.<br>
><br>
> thanks for sharing your investigation, i think this is interesting.<br>
><br>
> peace o/<br>
><br>
> On Fri, Jan 17, 2020 at 1:45 PM Radosław Piliszek <<a href="mailto:radoslaw.piliszek@gmail.com" target="_blank">radoslaw.piliszek@gmail.com</a>> wrote:<br>
>><br>
>> Fellow Devs,<br>
>><br>
>> as you might have noticed I started taking care of openstack/js-openstack-lib,<br>
>> now under the openstacksdk umbrella [1].<br>
>> First goal is to modernize the CI to use Zuul v3, current devstack and<br>
>> nodejs, still WIP [2].<br>
>><br>
>> As part of the original suite of tests, the unit and functional tests<br>
>> are run from browsers as well as from node.<br>
>> And, as you may know, browsers care about CORS [3].<br>
>> js-openstack-lib is connecting to various OpenStack APIs (currently<br>
>> limited to keystone, glance, neutron and nova) to act on behalf of the<br>
>> user (just like openstacksdk/client does).<br>
>> oslo.middleware, as used by those APIs, provides a way to configure<br>
>> CORS by setting params in the [cors] group but uWSGI seemingly ignores<br>
>> that completely [4].<br>
>> I had to switch to mod_wsgi+apache instead of uwsgi+apache to get past<br>
>> that issue.<br>
>> I could not reproduce locally because kolla (thankfully) uses mostly<br>
>> mod_wsgi atm.<br>
>><br>
>> The issue I see is that uWSGI is proposed as the future and mod_wsgi<br>
>> is termed deprecated.<br>
>> However, this means the future is broken w.r.t. CORS and so any modern<br>
>> web interface with it if not sitting on the exact same host and port<br>
>> (which is usually different between OpenStack APIs and any UI).<br>
>><br>
>> [1] <a href="https://review.opendev.org/701854" rel="noreferrer" target="_blank">https://review.opendev.org/701854</a><br>
>> [2] <a href="https://review.opendev.org/702132" rel="noreferrer" target="_blank">https://review.opendev.org/702132</a><br>
>> [3] <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS" rel="noreferrer" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS</a><br>
>> [4] <a href="https://github.com/unbit/uwsgi/issues/1550" rel="noreferrer" target="_blank">https://github.com/unbit/uwsgi/issues/1550</a><br>
>><br>
>> -yoctozepto<br>
>><br>
<br>
</blockquote></div></div>