<p><br>
Javascript *can* set custom headers, but only by using XMLHttpRequest. That cannot work cross-domain unless the appropriate CORS headers are set.</p>
<p>Hence this issue :)<br></p>
<div class="gmail_quote">On Apr 25, 2012 12:21 AM, "Adam Young" <<a href="mailto:ayoung@redhat.com">ayoung@redhat.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
On 04/24/2012 10:19 AM, Nick Lothian wrote:
<blockquote type="cite">
<div class="gmail_extra">JSONP is great, but won't work with POST
requests.</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">I don't quite understand what "Due to the
redirect nature of the auth system" means, though. <br>
</div>
</blockquote>
<br>
Sorry, I am working on a few things that are related. OpenID and
various other systems have issues along these lines that are due to
the fact that they are done with redirects. I'll try to be clearer
in the future.<br>
<br>
<br>
That actually works fine because the token is not in the header when
it comes from Keystone. However, if you were to post to a web app
that then needed to make your browser post to a remote system (which
is where the same origin policy comes into play) you need to set
that Auth token into a custom header, and Javascript is forbidden
to do that. Yes, the Javascript can say "post to glance" or some
other openstack API server, but it can't set the X auth header with
the token from Keystone in order to make the call authenticated.<br>
<br>
<br>
<br>
<blockquote type="cite">
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Nick</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Apr 24, 2012 at 8:57 PM, Sandy
Walsh <span dir="ltr"><<a href="mailto:sandy.walsh@rackspace.com" target="_blank">sandy.walsh@rackspace.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Due to the
redirect nature of the auth system we may need JSONP support<br>
for this to work.<br>
<div>
<div><br>
<br>
<br>
_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
</div>
<br></blockquote></div>
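<p>An added example, not part of the original thread and not OpenStack code: how an API server could answer the CORS preflight that a browser sends before a cross-origin XMLHttpRequest carrying a custom token header. The origin <code>https://dashboard.example.org</code>, the allowlists and the function names are assumptions made for illustration, and <code>X-Auth-Token</code> is taken to be the header the thread calls "the X auth header".</p>

```javascript
// Added example: all names and origins below are constructed for illustration.
const ALLOWED_ORIGINS = new Set(["https://dashboard.example.org"]); // assumed trusted UI origin
const ALLOWED_METHODS = new Set(["GET", "POST"]);
const ALLOWED_HEADERS = new Set(["x-auth-token", "content-type"]);

// Decide how an API server should answer a CORS preflight (OPTIONS) request.
// `headers` is an object mapping lower-cased request header names to values.
function preflightResponse(headers) {
  const origin = headers["origin"];
  const method = headers["access-control-request-method"];
  const requested = (headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);

  // Exact-match allowlist: never reflect an arbitrary Origin back.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return deny("origin not allowed");
  if (!method || !ALLOWED_METHODS.has(method)) return deny("method not allowed");
  const refused = requested.filter((h) => !ALLOWED_HEADERS.has(h));
  if (refused.length > 0) return deny("header not allowed: " + refused.join(", "));

  return {
    status: 204,
    headers: {
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Methods": [...ALLOWED_METHODS].join(", "),
      "Access-Control-Allow-Headers": requested.join(", "),
      "Access-Control-Max-Age": "600",
      "Vary": "Origin",
    },
  };
}

// With no Access-Control-Allow-* headers the browser blocks the real request.
function deny(reason) {
  return { status: 403, headers: { "Vary": "Origin" }, reason };
}

// Constructed sample: the preflight a browser sends before a cross-origin
// XMLHttpRequest POST that sets X-Auth-Token.
const samplePreflight = {
  "origin": "https://dashboard.example.org",
  "access-control-request-method": "POST",
  "access-control-request-headers": "x-auth-token, content-type",
};
console.log(preflightResponse(samplePreflight));
console.log(preflightResponse({ ...samplePreflight, origin: "https://other.example.net" }));
```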