[api][sdk][dev][oslo] using uWSGI breaks CORS config
Ben Nemec
openstack at nemebean.com
Tue Jan 21 16:30:46 UTC 2020
On 1/21/20 4:55 PM, Michael McCune wrote:
>
>
> On Tue, Jan 21, 2020 at 5:37 AM Radosław Piliszek
> <radoslaw.piliszek at gmail.com <mailto:radoslaw.piliszek at gmail.com>> wrote:
>
> Hi, Michael!
>
> Thanks for your interest. I was also surprised that it does not work.
> It looks simple enough to not break...
>
> Since I wrote the email, I did more research on how to tackle this
> problem.
> For now I posted a bug to devstack that CORS is out of reach with pure
> devstack [1].
>
>
> that sounds like a good first step.
>
> Only keystone and placement can be configured to use mod_wsgi, others
> default to uwsgi (or eventlet, to be precise, but these are
> irrelevant).
> It's really either hacking browsers or hacking apache config to
> include relevant CORS headers.
>
>
> this is something that i think we need to know though, because if uWSGI
> has broken CORS support then we need to fix it or start advising against
> its usage.
Just to clarify, based on [0] it looks like this is a uwsgi bug and not
something we're doing wrong (other than recommending uwsgi ;-). Is that
correct?
0: https://github.com/unbit/uwsgi/issues/1550
>
> peace o/
>
> [1] https://bugs.launchpad.net/devstack/+bug/1860287
>
> -yoctozepto
>
> wt., 21 sty 2020 o 10:00 Michael McCune <elmiko at redhat.com
> <mailto:elmiko at redhat.com>> napisał(a):
> >
> > hi Radoslaw,
> >
> > i am also curious about this because i had thought we had CORS
> issued solved for uWSGI in the past, i will need to look around to
> find the conversations i was having.
> >
> > thanks for sharing your investigation, i think this is interesting.
> >
> > peace o/
> >
> > On Fri, Jan 17, 2020 at 1:45 PM Radosław Piliszek
> <radoslaw.piliszek at gmail.com <mailto:radoslaw.piliszek at gmail.com>>
> wrote:
> >>
> >> Fellow Devs,
> >>
> >> as you might have noticed I started taking care of
> openstack/js-openstack-lib,
> >> now under the openstacksdk umbrella [1].
> >> First goal is to modernize the CI to use Zuul v3, current
> devstack and
> >> nodejs, still WIP [2].
> >>
> >> As part of the original suite of tests, the unit and functional
> tests
> >> are run from browsers as well as from node.
> >> And, as you may know, browsers care about CORS [3].
> >> js-openstack-lib is connecting to various OpenStack APIs (currently
> >> limited to keystone, glance, neutron and nova) to act on behalf
> of the
> >> user (just like openstacksdk/client does).
> >> oslo.middleware, as used by those APIs, provides a way to configure
> >> CORS by setting params in the [cors] group but uWSGI seemingly
> ignores
> >> that completely [4].
> >> I had to switch to mod_wsgi+apache instead of uwsgi+apache to
> get past
> >> that issue.
> >> I could not reproduce locally because kolla (thankfully) uses mostly
> >> mod_wsgi atm.
> >>
> >> The issue I see is that uWSGI is proposed as the future and mod_wsgi
> >> is termed deprecated.
> >> However, this means the future is broken w.r.t. CORS and so any
> modern
> >> web interface with it if not sitting on the exact same host and port
> >> (which is usually different between OpenStack APIs and any UI).
> >>
> >> [1] https://review.opendev.org/701854
> >> [2] https://review.opendev.org/702132
> >> [3] https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
> >> [4] https://github.com/unbit/uwsgi/issues/1550
> >>
> >> -yoctozepto
> >>
>
More information about the openstack-discuss
mailing list