[api][sdk][dev][oslo] using uWSGI breaks CORS config

Radosław Piliszek radoslaw.piliszek at gmail.com
Tue Jan 21 10:37:22 UTC 2020 

Hi, Michael!

Thanks for your interest. I was also surprised that it does not work.
It looks simple enough to not break...

Since I wrote the email, I did more research on how to tackle this problem.
For now I posted a bug to devstack that CORS is out of reach with pure
devstack [1].
Only keystone and placement can be configured to use mod_wsgi, others
default to uwsgi (or eventlet, to be precise, but these are
irrelevant).
It's really either hacking browsers or hacking apache config to
include relevant CORS headers.

[1] https://bugs.launchpad.net/devstack/+bug/1860287

-yoctozepto

wt., 21 sty 2020 o 10:00 Michael McCune <elmiko at redhat.com> napisał(a):
>
> hi Radoslaw,
>
> i am also curious about this because i had thought we had CORS issued solved for uWSGI in the past, i will need to look around to find the conversations i was having.
>
> thanks for sharing your investigation, i think this is interesting.
>
> peace o/
>
> On Fri, Jan 17, 2020 at 1:45 PM Radosław Piliszek <radoslaw.piliszek at gmail.com> wrote:
>>
>> Fellow Devs,
>>
>> as you might have noticed I started taking care of openstack/js-openstack-lib,
>> now under the openstacksdk umbrella [1].
>> First goal is to modernize the CI to use Zuul v3, current devstack and
>> nodejs, still WIP [2].
>>
>> As part of the original suite of tests, the unit and functional tests
>> are run from browsers as well as from node.
>> And, as you may know, browsers care about CORS [3].
>> js-openstack-lib is connecting to various OpenStack APIs (currently
>> limited to keystone, glance, neutron and nova) to act on behalf of the
>> user (just like openstacksdk/client does).
>> oslo.middleware, as used by those APIs, provides a way to configure
>> CORS by setting params in the [cors] group but uWSGI seemingly ignores
>> that completely [4].
>> I had to switch to mod_wsgi+apache instead of uwsgi+apache to get past
>> that issue.
>> I could not reproduce locally because kolla (thankfully) uses mostly
>> mod_wsgi atm.
>>
>> The issue I see is that uWSGI is proposed as the future and mod_wsgi
>> is termed deprecated.
>> However, this means the future is broken w.r.t. CORS and so any modern
>> web interface with it if not sitting on the exact same host and port
>> (which is usually different between OpenStack APIs and any UI).
>>
>> [1] https://review.opendev.org/701854
>> [2] https://review.opendev.org/702132
>> [3] https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
>> [4] https://github.com/unbit/uwsgi/issues/1550
>>
>> -yoctozepto
>>

More information about the openstack-discuss mailing list