OpenStack Compute (nova)

Default CORS allow_headers missing X-OpenStack-Nova-API-Version

Bug #1931908 reported by Mohammed Naser on 2021-06-14

This bug affects 1 person

	Status	Importance	Assigned to
OpenStack Compute (nova)	Fix Released	Undecided	Unassigned
Victoria	Fix Released	Undecided	Unassigned
Wallaby	Fix Released	Undecided	Unassigned

Bug Description

When enabling CORS, by default, the `X-OpenStack-Nova-API-Version` API header is not included in the allowed headers. It should be by default because it's critical to the operation of the OpenStack Nova API.

Tags:

melanie witt (melwitt) on 2021-06-14

tags:

added: api

OpenStack Infra (hudson-openstack) on 2021-06-15

Changed in nova:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-06-16: Fix merged to nova (master)

Reviewed: https://review.opendev.org/c/openstack/nova/+/796319
Committed: https://opendev.org/openstack/nova/commit/b02a95a18b5da37db6d4f30a5dea07e2a4187245
Submitter: "Zuul (22348)"
Branch: master

commit b02a95a18b5da37db6d4f30a5dea07e2a4187245
Author: Mohammed Naser <email address hidden>
Date: Mon Jun 14 16:53:02 2021 -0400

Allow X-OpenStack-Nova-API-Version header in CORS

    By default, we don't currently allow the Nova microversion
    header for CORS requests. It should be something that is
    included out of the box because it's part of the core API.

Deployers can workaround this by overriding allow_headers,
but we should provide a better experience out of the box.

Closes-Bug: #1931908
Change-Id: Idf4650f36952331f02d7512580c21451f3ee3b63

Changed in nova:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-06-17: Fix proposed to nova (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/nova/+/796860

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-06-17: Fix proposed to nova (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/nova/+/796861

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-06-17: Fix proposed to nova (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/nova/+/796862

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-06-17: Fix proposed to nova (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/c/openstack/nova/+/796863

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-06-29: Related fix merged to nova (master)

Reviewed: https://review.opendev.org/c/openstack/nova/+/796580
Committed: https://opendev.org/openstack/nova/commit/d9665465161e83afaefe16bba158fef4a83efede
Submitter: "Zuul (22348)"
Branch: master

commit d9665465161e83afaefe16bba158fef4a83efede
Author: melanie witt <email address hidden>
Date: Wed Jun 16 02:16:26 2021 +0000

Add test coverage for API version headers in CORS

    This is a follow up to change
    Idf4650f36952331f02d7512580c21451f3ee3b63 that added the
    OpenStack-API-Version and X-OpenStack-Nova-API-Version headers to be
    allowed for CORS requests.

Related-Bug: #1931908

Change-Id: Ib98d93f6f4d5ef5d5a637877025f1a7cfaef6bb4

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-08-25: Fix merged to nova (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/nova/+/796860
Committed: https://opendev.org/openstack/nova/commit/e045d0115dfe3f4a4776c9d82af46cddded83e7c
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit e045d0115dfe3f4a4776c9d82af46cddded83e7c
Author: Mohammed Naser <email address hidden>
Date: Mon Jun 14 16:53:02 2021 -0400

Allow X-OpenStack-Nova-API-Version header in CORS

    By default, we don't currently allow the Nova microversion
    header for CORS requests. It should be something that is
    included out of the box because it's part of the core API.

Deployers can workaround this by overriding allow_headers,
but we should provide a better experience out of the box.

    Closes-Bug: #1931908
    Change-Id: Idf4650f36952331f02d7512580c21451f3ee3b63
    (cherry picked from commit b02a95a18b5da37db6d4f30a5dea07e2a4187245)

tags:

added: in-stable-wallaby

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-09-04: Fix merged to nova (stable/victoria)

Reviewed: https://review.opendev.org/c/openstack/nova/+/796861
Committed: https://opendev.org/openstack/nova/commit/6305ae491e86ee1a408213da9d89d5cdecbaa869
Submitter: "Zuul (22348)"
Branch: stable/victoria

commit 6305ae491e86ee1a408213da9d89d5cdecbaa869
Author: Mohammed Naser <email address hidden>
Date: Mon Jun 14 16:53:02 2021 -0400

Allow X-OpenStack-Nova-API-Version header in CORS

    By default, we don't currently allow the Nova microversion
    header for CORS requests. It should be something that is
    included out of the box because it's part of the core API.

Deployers can workaround this by overriding allow_headers,
but we should provide a better experience out of the box.

    Closes-Bug: #1931908
    Change-Id: Idf4650f36952331f02d7512580c21451f3ee3b63
    (cherry picked from commit b02a95a18b5da37db6d4f30a5dea07e2a4187245)

tags:

added: in-stable-victoria

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-09-17: Fix included in openstack/nova 24.0.0.0rc1

This issue was fixed in the openstack/nova 24.0.0.0rc1 release candidate.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-10-07: Fix included in openstack/nova 22.3.0

#10

This issue was fixed in the openstack/nova 22.3.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-10-07: Fix included in openstack/nova 23.1.0

#11

This issue was fixed in the openstack/nova 23.1.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-09-01: Change abandoned on nova (stable/train)

#12

Change abandoned by "Elod Illes <email address hidden>" on branch: stable/train
Review: https://review.opendev.org/c/openstack/nova/+/796863
Reason: stable/train branch of nova projects' have been tagged as End of Life. All open patches have to be abandoned in order to be able to delete the branch.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-02-07: Change abandoned on nova (stable/ussuri)

#13

Change abandoned by "Elod Illes <email address hidden>" on branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/nova/+/796862
Reason: stable/ussuri branch of openstack/nova transitioned to End of Life and is about to be deleted. To be able to do that, all open patches need to be abandoned.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.