OpenStack-Ansible

glance_cors_allowed_origin should include protocol

Bug #1799910 reported by tmarlok
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Undecided
tmarlok

Bug Description

Currently the glance configurations cors allowed_origins includes on;y the IP of the external_lb_vip_address value. But when the service is over https, then it is not enough.

I think the fix for this would be
in os_glance/defaults/main.yml
replace this line:

glance_cors_allowed_origin: "{{ (glance_show_multiple_locations | bool) | ternary(external_lb_vip_address, None) }}"

to this:

glance_cors_allowed_origin: "{{ (glance_show_multiple_locations | bool) | ternary(openstack_service_publicuri_proto + '://' + external_lb_vip_address, None) }}"

Revision history for this message
tmarlok (tmarlok) wrote :

here is a patch for this

Revision history for this message
Mohammed Naser (mnaser) wrote :

Hi there!

Thank you so much for the patch, it looks like it's indeed doing the right thing. Would you be able to push this patch to Gerrit in order to get attribution? I can help you get it pushed up as well if you haven't done a lot of work with that.

Thank you,
Mohammed

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-os_glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/614490

Changed in openstack-ansible:
assignee: nobody → tmarlok (tmarlok)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_glance (master)

Reviewed: https://review.openstack.org/614490
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_glance/commit/?id=693a6f57a83475b7c260b023ba0d5947c80cb8db
Submitter: Zuul
Branch: master

commit 693a6f57a83475b7c260b023ba0d5947c80cb8db
Author: tmarlok <email address hidden>
Date: Wed Oct 31 12:54:20 2018 +0100

    Adds protocol to glance_cors_allowed_origin var

    When the horizon runs on https, then the IP is not enough in
    the allowed_origins, the protocoll must be included as well.

    Change-Id: Icd806d98b74671278ea17837107ee9bb14f1b303
    Closes-Bug: #1799910

Changed in openstack-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-os_glance (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/640846

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_glance (stable/rocky)

Reviewed: https://review.openstack.org/640846
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_glance/commit/?id=242b0ac2d1c5925d5f6f4870c17934c331580de2
Submitter: Zuul
Branch: stable/rocky

commit 242b0ac2d1c5925d5f6f4870c17934c331580de2
Author: tmarlok <email address hidden>
Date: Wed Oct 31 12:54:20 2018 +0100

    Adds protocol to glance_cors_allowed_origin var

    When the horizon runs on https, then the IP is not enough in
    the allowed_origins, the protocoll must be included as well.

    Change-Id: Icd806d98b74671278ea17837107ee9bb14f1b303
    Closes-Bug: #1799910
    (cherry picked from commit 693a6f57a83475b7c260b023ba0d5947c80cb8db)

tags: added: in-stable-rocky
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_glance rocky-eol

This issue was fixed in the openstack/openstack-ansible-os_glance rocky-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_glance stein-eol

This issue was fixed in the openstack/openstack-ansible-os_glance stein-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_glance train-eol

This issue was fixed in the openstack/openstack-ansible-os_glance train-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_glance ussuri-eol

This issue was fixed in the openstack/openstack-ansible-os_glance ussuri-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_glance yoga-eom

This issue was fixed in the openstack/openstack-ansible-os_glance yoga-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_glance victoria-eom

This issue was fixed in the openstack/openstack-ansible-os_glance victoria-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_glance wallaby-eom

This issue was fixed in the openstack/openstack-ansible-os_glance wallaby-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_glance xena-eom

This issue was fixed in the openstack/openstack-ansible-os_glance xena-eom release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.