Open Stack

For the REST API to be visible from browser it should either be on the same
domain and port or it should implement CORS spec (Cross-site HTTP requests,
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS).

If REST API implements CORS, then every HTTP request will be preceded with
OPTIONS request to check the real invocation is allowed. In practice, all
the API services are usually proxied from a single location, so URL naming
scheme is very desirable.

Anton

On Wed, Nov 12, 2014 at 3:21 PM, Darren Kenny <Darren.Kenny at oracle.com>
wrote:

> Chris Dent wrote:
>
>> On Tue, 11 Nov 2014, Adam Young wrote:
>>
>>  My suggestion, from a while ago, was to have a naming scheme that
>>> deconflicts putting all of the services onto a single server, on port 443.
>>>
>>
>> +1
>>
>> The current state of affairs is indeed weird.
>>
>
> It is, and as BUIs move more towards client's doing the access of the
> URLs, it
> is something we need to fix - since most browsers restrict cross-domain
> access (including different ports on the same host) for security reasons.
>
> This is the reason that the Horizon guys wrote a kind of reverse-proxy
> WSGI to enable demonstrations of the AngularJS work last week - so that
> all the REST API calls were back to the origin of Horizon itself.
>
>
>> Is this something that ought to be considered in the api-wg's
>> discussions?
>>
>>
> That would appear to fit within the aims of that working group.
>
> Thanks,
>
> Darren.
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141112/7b0efd57/attachment.html>