For the REST API to be visible from browser it should either be on the same domain and port or it should implement CORS spec (Cross-site HTTP requests, https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS).
If REST API implements CORS, then every HTTP request will be preceded with OPTIONS request to check the real invocation is allowed. In practice, all the API services are usually proxied from a single location, so URL naming scheme is very desirable. Anton On Wed, Nov 12, 2014 at 3:21 PM, Darren Kenny <darren.ke...@oracle.com> wrote: > Chris Dent wrote: > >> On Tue, 11 Nov 2014, Adam Young wrote: >> >> My suggestion, from a while ago, was to have a naming scheme that >>> deconflicts putting all of the services onto a single server, on port 443. >>> >> >> +1 >> >> The current state of affairs is indeed weird. >> > > It is, and as BUIs move more towards client's doing the access of the > URLs, it > is something we need to fix - since most browsers restrict cross-domain > access (including different ports on the same host) for security reasons. > > This is the reason that the Horizon guys wrote a kind of reverse-proxy > WSGI to enable demonstrations of the AngularJS work last week - so that > all the REST API calls were back to the origin of Horizon itself. > > >> Is this something that ought to be considered in the api-wg's >> discussions? >> >> > That would appear to fit within the aims of that working group. > > Thanks, > > Darren. > > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
