[api][sdk][dev][oslo] using uWSGI breaks CORS config

Michael McCune elmiko at redhat.com
Tue Jan 21 15:55:22 UTC 2020


On Tue, Jan 21, 2020 at 5:37 AM Radosław Piliszek <
radoslaw.piliszek at gmail.com> wrote:

> Hi, Michael!
>
> Thanks for your interest. I was also surprised that it does not work.
> It looks simple enough to not break...
>
> Since I wrote the email, I did more research on how to tackle this problem.
> For now I posted a bug to devstack that CORS is out of reach with pure
> devstack [1].
>

that sounds like a good first step.

Only keystone and placement can be configured to use mod_wsgi, others
> default to uwsgi (or eventlet, to be precise, but these are
> irrelevant).
> It's really either hacking browsers or hacking apache config to
> include relevant CORS headers.
>
>
this is something that i think we need to know though, because if uWSGI has
broken CORS support then we need to fix it or start advising against its
usage.

peace o/

[1] https://bugs.launchpad.net/devstack/+bug/1860287
>
> -yoctozepto
>
> wt., 21 sty 2020 o 10:00 Michael McCune <elmiko at redhat.com> napisał(a):
> >
> > hi Radoslaw,
> >
> > i am also curious about this because i had thought we had CORS issued
> solved for uWSGI in the past, i will need to look around to find the
> conversations i was having.
> >
> > thanks for sharing your investigation, i think this is interesting.
> >
> > peace o/
> >
> > On Fri, Jan 17, 2020 at 1:45 PM Radosław Piliszek <
> radoslaw.piliszek at gmail.com> wrote:
> >>
> >> Fellow Devs,
> >>
> >> as you might have noticed I started taking care of
> openstack/js-openstack-lib,
> >> now under the openstacksdk umbrella [1].
> >> First goal is to modernize the CI to use Zuul v3, current devstack and
> >> nodejs, still WIP [2].
> >>
> >> As part of the original suite of tests, the unit and functional tests
> >> are run from browsers as well as from node.
> >> And, as you may know, browsers care about CORS [3].
> >> js-openstack-lib is connecting to various OpenStack APIs (currently
> >> limited to keystone, glance, neutron and nova) to act on behalf of the
> >> user (just like openstacksdk/client does).
> >> oslo.middleware, as used by those APIs, provides a way to configure
> >> CORS by setting params in the [cors] group but uWSGI seemingly ignores
> >> that completely [4].
> >> I had to switch to mod_wsgi+apache instead of uwsgi+apache to get past
> >> that issue.
> >> I could not reproduce locally because kolla (thankfully) uses mostly
> >> mod_wsgi atm.
> >>
> >> The issue I see is that uWSGI is proposed as the future and mod_wsgi
> >> is termed deprecated.
> >> However, this means the future is broken w.r.t. CORS and so any modern
> >> web interface with it if not sitting on the exact same host and port
> >> (which is usually different between OpenStack APIs and any UI).
> >>
> >> [1] https://review.opendev.org/701854
> >> [2] https://review.opendev.org/702132
> >> [3] https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
> >> [4] https://github.com/unbit/uwsgi/issues/1550
> >>
> >> -yoctozepto
> >>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20200121/a6a4c488/attachment.html>


More information about the openstack-discuss mailing list