[nl]

IMHO that's good. I've done some OpenStack work (a JS client), and I think it could benefit from an alternate implementation - there was too much reverse engineering involved.

[justinsb]

Sounds interesting - would love a link to your work if it's open source!

[nl]

I raised a bug on CORS support[1], and then switched over to doing it all Serverside.

I was writing a cross-provider control console. Got a fair way along, but haven't released it.

[1]https://bugs.launchpad.net/oslo/+bug/987044

[justinsb]

Cool idea. I don't see any reason not to support CORS; all the OpenStack requests require a custom Auth http header anyway, so I don't think there's any danger in turning on CORS there. I didn't see anyone in the Launchpad bug report that was against it.

The only call that I think _might_ be dangerous to expose is the login API, but that should be rate-limited and / or have lockout anyway.

I've opened a bug to support CORS in FathomCloud. It's not a lot of work (I already have the filter in the repo, it's just not configured in). I just want to think it through to make sure it's safe: https://github.com/fathomdb/cloud/issues/50

[nl]

If you follow the bug links there was actually an attempt made to fix it, but it was rejected as being incomplete.

I haven't chased it up, but I think it's an important use-case.

[justinsb]

Thanks for pointing out the patch - I'll review the discussion.

It's definitely an important use case - no argument here :-)