Hi, Michael!
Thanks for your interest. I was also surprised that it does not work.
It looks simple enough to not break...
Since I wrote the email, I did more research on how to tackle this problem.
For now I posted a bug to devstack that CORS is out of reach with pure
devstack [1].
that sounds like a good first step.
Only keystone and placement can be configured to use mod_wsgi, others
default to uwsgi (or eventlet, to be precise, but these are
irrelevant).
It's really either hacking browsers or hacking apache config to
include relevant CORS headers.
this is something that i think we need to know though, because if uWSGI has broken CORS support then we need to fix it or start advising against its usage.
peace o/
[1] https://bugs.launchpad.net/devstack/+bug/1860287
-yoctozepto
wt., 21 sty 2020 o 10:00 Michael McCune <elmiko@redhat.com> napisał(a):
>
> hi Radoslaw,
>
> i am also curious about this because i had thought we had CORS issued solved for uWSGI in the past, i will need to look around to find the conversations i was having.
>
> thanks for sharing your investigation, i think this is interesting.
>
> peace o/
>
> On Fri, Jan 17, 2020 at 1:45 PM Radosław Piliszek <radoslaw.piliszek@gmail.com> wrote:
>>
>> Fellow Devs,
>>
>> as you might have noticed I started taking care of openstack/js-openstack-lib,
>> now under the openstacksdk umbrella [1].
>> First goal is to modernize the CI to use Zuul v3, current devstack and
>> nodejs, still WIP [2].
>>
>> As part of the original suite of tests, the unit and functional tests
>> are run from browsers as well as from node.
>> And, as you may know, browsers care about CORS [3].
>> js-openstack-lib is connecting to various OpenStack APIs (currently
>> limited to keystone, glance, neutron and nova) to act on behalf of the
>> user (just like openstacksdk/client does).
>> oslo.middleware, as used by those APIs, provides a way to configure
>> CORS by setting params in the [cors] group but uWSGI seemingly ignores
>> that completely [4].
>> I had to switch to mod_wsgi+apache instead of uwsgi+apache to get past
>> that issue.
>> I could not reproduce locally because kolla (thankfully) uses mostly
>> mod_wsgi atm.
>>
>> The issue I see is that uWSGI is proposed as the future and mod_wsgi
>> is termed deprecated.
>> However, this means the future is broken w.r.t. CORS and so any modern
>> web interface with it if not sitting on the exact same host and port
>> (which is usually different between OpenStack APIs and any UI).
>>
>> [1] https://review.opendev.org/701854
>> [2] https://review.opendev.org/702132
>> [3] https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
>> [4] https://github.com/unbit/uwsgi/issues/1550
>>
>> -yoctozepto
>>