Almost all OpenStack APIs are WSGI applications, and they generally use paste to assemble the middleware stack for the application. If we just add in middleware that enables CORS, we're all set. I went with wsgicors, a dead simple WSGI middleware for CORS headers. Start by installing it on the node that serves the OpenStack APIs.
pip install wsgicors
The next step is to inject the new middleware into the API pipelines. For this example, I'll use Keystone. Edit
/etc/keystone/keystone-paste.ini and add the following section.
[filter:cors] use = egg:wsgicors#middleware policy = open open_origin = * open_headers = * open_methods = * open_maxage = 86400
cors to the beginning of each
pipeline section, like so.
[pipeline:public_api] pipeline = cors stats_monitoring sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service [pipeline:admin_api] pipeline = cors sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service [pipeline:api_v3] pipeline = cors stats_reporting sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension service_v3 [pipeline:public_version_api] pipeline = cors sizelimit url_normalize xml_body public_version_service [pipeline:admin_version_api] pipeline = cors sizelimit url_normalize xml_body admin_version_service
Then restart Keystone with
service keystone restart (assuming you're on a distro with Upstart or similar).
That's it! Now you should be able to use the OpenStack APIs from the browser. Good luck!