Adam, in what way should the OS API support server-less clients? AFAIK the options are CORS or JSONP, no?

On Apr 23, 2012, at 5:50 AM, Adam Young wrote:
> I see this as a feature, not a drawback. The inability to access portions
> of the HTTP protocol is there to defend against attacks such as cross site
> request forgeries. If we suppress that mechanism, we open up a lot of
> security holes.
>
>
> On 04/23/2012 06:09 AM, Adrian Smith wrote:
>> The authentication request returns X-Storage-Url and X-Auth-Token
>> headers. For the JS client to see them they need to be referenced in
>> Access-Control-Expose-Headers. As of the last time checked, both these
>> headers were being stripped from the response before being presented
>> to JS.
>>
>> Adrian
>>
>>
>> On 23 April 2012 10:35, Nick Lothian <[email protected]> wrote:
>>> Hi Adrian,
>>>
>>> Good to know this is a known issue.
>>>
>>> Why does the client need to see custom headers from the server anyway?
>>> I know the client needs to pass the authorisation header to the server, but
>>> I haven't seen any of the APIs yet that return custom headers. (It's likely
>>> I'm missing them though)
>>>
>>> Nick
>>>
>>> On Apr 23, 2012 5:40 PM, "Adrian Smith" <[email protected]> wrote:
>>>> Hi Nick,
>>>>
>>>> I did some work with CORS a few months back [1].
>>>>
>>>> At the time I couldn't get any browser to work properly with CORS so I
>>>> just parked the code. The problem was lack of support for the
>>>> Access-Control-Expose-Headers header.
>>>>
>>>> According to the Chrome bug report [2] this issue may well be fixed
>>>> now so I need to retest.
>>>>
>>>> Adrian
>>>>
>>>> [1] http://www.mail-archive.com/[email protected]/msg07219.html
>>>> [2] http://code.google.com/p/chromium/issues/detail?id=87338
>>>>
>>>>
>>>> On 23 April 2012 06:19, Nick Lothian <[email protected]> wrote:
>>>>> Hi,
>>>>>
>>>>> I've been playing with the Nova APIs from Javascript, and I've run into
>>>>> a problem.
>>>>>
>>>>> The very first thing one needs to do to use the APIs is to get a token.
>>>>>
>>>>> That requires a POST to the API endpoint.
>>>>> Using curl & trystack that looks like this:
>>>>>
>>>>> $ curl -k -X 'POST' -v https://nova-api.trystack.org:5443/v2.0/tokens -d
>>>>> '{"auth":{"passwordCredentials":{"username": "<username>",
>>>>> "password":"<password>"}}}' -H 'Content-type: application/json'
>>>>>
>>>>>
>>>>> The Javascript equivalent (using JQuery) is:
>>>>>
>>>>> $.ajax({
>>>>>   url: "https://nova-api.trystack.org:5443/v2.0/tokens",
>>>>>   type: 'POST',
>>>>>   headers: {"Content-Type": "application/json"},
>>>>>   // Serialize explicitly: jQuery form-encodes a plain object
>>>>>   data: JSON.stringify({"auth":{"passwordCredentials":{"username":"<username>",
>>>>>     "password":"<password>"}}}),
>>>>>   success: function(data) { alert(data); }
>>>>> });
>>>>>
>>>>> That fails because the call is cross-domain, and Nova doesn't support CORS
>>>>> (http://en.wikipedia.org/wiki/Cross-origin_resource_sharing). <script> based
>>>>> cross-domain requests only support GET requests, so that doesn't work
>>>>> either.
>>>>>
>>>>> I have raised a bug: https://bugs.launchpad.net/nova/+bug/987044, but I'm
>>>>> really hoping someone can point out something obvious I'm missing here.
>>>>>
>>>>> Regards
>>>>> Nick Lothian
>>>>>
>>>>> _______________________________________________
>>>>> Mailing list: https://launchpad.net/~openstack
>>>>> Post to : [email protected]
>>>>> Unsubscribe : https://launchpad.net/~openstack
>>>>> More help : https://help.launchpad.net/ListHelp
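
The CORS behaviour discussed in this thread, as an added example that is not part of the original messages and is not OpenStack code: a WSGI middleware that answers preflight requests, sends CORS headers only to an allow-listed origin (so the same-origin protection Adam describes stays in force for every other site), and lists X-Auth-Token and X-Storage-Url in Access-Control-Expose-Headers so that script can read them. The origin, the method and request-header lists, `demo_auth_app` and `call` are assumptions made for the demonstration.

```python
# Added example, not OpenStack code: CORS as WSGI middleware with an origin allow-list.
ALLOWED_ORIGINS = frozenset({"https://dashboard.example.com"})  # assumed trusted UI origin
ALLOWED_METHODS = "GET, POST, PUT, DELETE, HEAD"                # assumed API verbs
ALLOWED_REQUEST_HEADERS = "Content-Type, X-Auth-Token"          # assumed request headers
EXPOSED_HEADERS = "X-Auth-Token, X-Storage-Url"                 # headers named in the thread


class CorsMiddleware:
    def __init__(self, app, allowed_origins=ALLOWED_ORIGINS):
        self.app, self.allowed_origins = app, allowed_origins

    def __call__(self, environ, start_response):
        origin = environ.get("HTTP_ORIGIN")
        if origin not in self.allowed_origins:
            # Unknown or absent Origin: add nothing, so the browser keeps
            # enforcing the same-origin policy on this response.
            return self.app(environ, start_response)
        cors = [("Access-Control-Allow-Origin", origin), ("Vary", "Origin")]
        if (environ["REQUEST_METHOD"] == "OPTIONS"
                and "HTTP_ACCESS_CONTROL_REQUEST_METHOD" in environ):
            # Preflight is answered here and never reaches the API.
            start_response("204 No Content", cors + [
                ("Access-Control-Allow-Methods", ALLOWED_METHODS),
                ("Access-Control-Allow-Headers", ALLOWED_REQUEST_HEADERS)])
            return [b""]

        def cors_start_response(status, headers, exc_info=None):
            # Without Expose-Headers, script cannot read the token headers.
            exposed = [("Access-Control-Expose-Headers", EXPOSED_HEADERS)]
            return start_response(status, list(headers) + cors + exposed, exc_info)
        return self.app(environ, cors_start_response)


def demo_auth_app(environ, start_response):
    # Constructed stand-in for the auth endpoint; values are placeholders.
    start_response("204 No Content", [
        ("X-Auth-Token", "PLACEHOLDER_TOKEN"),
        ("X-Storage-Url", "https://storage.example.com/v1/AUTH_demo")])
    return [b""]


def call(app, method, **cgi_vars):
    """Drive a WSGI app once and return (status, response headers as a dict)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": "/", **cgi_vars}
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]
```

Echoing the matched origin together with `Vary: Origin`, rather than sending `*`, keeps a shared cache from serving one origin's CORS headers to another.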

