Keystone API responds with Refused to get unsafe header "X-Subject-Token"

asked 2018-10-11 17:07:53 -0500

fsalaman gravatar image


Openstack version: Queens RDO

I'm not sure it could be a CORS issue, I am allowing the header to be exposed in keystone.conf:

# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
# Headers. (list value)
expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token


allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name

Chrome Javascript console: Refused to get unsafe header "X-Subject-Token"

I can get the JSON response OK 201 but I can't check the header with XMLHttpRequest.getResponseHeader('X-Subject-Token') in Javascript.

Please help :)

edit retag flag offensive close merge delete