CORS in the mgmt http api

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

CORS in the mgmt http api

carlhoerberg
What about adding CORS headers to the mgmt HTTP API responses, so that the API can be used from other client side apps?  

https://github.com/rabbitmq/rabbitmq-management/issues/3

Reply | Threaded
Open this post in threaded view
|

Re: CORS in the mgmt http api

Simon MacMullen-2
On 25/03/13 14:24, carlhoerberg wrote:
> What about adding CORS headers to the mgmt HTTP API responses, so that the
> API can be used from other client side apps?
>
> https://github.com/rabbitmq/rabbitmq-management/issues/3

As I said at the issue: we don't want to add
"Access-Control-Allow-Origin: *", this is a security thing.

Allowing you to configure mgmt so that it allows custom headers to be
set would be OK I guess.

What is your use case though? Are you intending to write an alternate
web UI? :-)

Cheers, Simon

--
Simon MacMullen
RabbitMQ, VMware
_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Reply | Threaded
Open this post in threaded view
|

Re: CORS in the mgmt http api

carlhoerberg
i am, i find that the current interface is very sluggish (it even blocks the event loop(!)) with many users/vhosts and/or connections/channels. figured i could at least give it a try..



On Monday 25 March 2013 at 22:55, Simon MacMullen-2 [via RabbitMQ] wrote:

> On 25/03/13 14:24, carlhoerberg wrote:
> > What about adding CORS headers to the mgmt HTTP API responses, so that the
> > API can be used from other client side apps?
> >
> > https://github.com/rabbitmq/rabbitmq-management/issues/3
>
> As I said at the issue: we don't want to add
> "Access-Control-Allow-Origin: *", this is a security thing.
>
> Allowing you to configure mgmt so that it allows custom headers to be
> set would be OK I guess.
>
> What is your use case though? Are you intending to write an alternate
> web UI? :-)
>
> Cheers, Simon
>
> --
> Simon MacMullen
> RabbitMQ, VMware
> _______________________________________________
> rabbitmq-discuss mailing list
> [hidden email] (/user/SendEmail.jtp?type=node&node=25696&i=0)
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>
>
> If you reply to this email, your message will be added to the discussion below: http://rabbitmq.1065348.n5.nabble.com/CORS-in-the-mgmt-http-api-tp25693p25696.html 
> To unsubscribe from CORS in the mgmt http api, click here (
> NAML (
http://rabbitmq.1065348.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml)



Reply | Threaded
Open this post in threaded view
|

Re: CORS in the mgmt http api

Simon MacMullen-2
Hmm, I would like to fix the existing web UI if you are having trouble
with it. Can you give more information about how many of each type of
object you have?

Cheers, Simon

On 25/03/13 15:00, carlhoerberg wrote:

> i am, i find that the current interface is very sluggish (it even blocks
> the event loop(!)) with many users/vhosts and/or connections/channels.
> figured i could at least give it a try..
>
>
>
> On Monday 25 March 2013 at 22:55, Simon MacMullen-2 [via RabbitMQ] wrote:
>
>  > On 25/03/13 14:24, carlhoerberg wrote:
>  > > What about adding CORS headers to the mgmt HTTP API responses, so
> that the
>  > > API can be used from other client side apps?
>  > >
>  > > https://github.com/rabbitmq/rabbitmq-management/issues/3
>  >
>  > As I said at the issue: we don't want to add
>  > "Access-Control-Allow-Origin: *", this is a security thing.
>  >
>  > Allowing you to configure mgmt so that it allows custom headers to be
>  > set would be OK I guess.
>  >
>  > What is your use case though? Are you intending to write an alternate
>  > web UI? :-)
>  >
>  > Cheers, Simon
>  >
>  > --
>  > Simon MacMullen
>  > RabbitMQ, VMware
>  > _______________________________________________
>  > rabbitmq-discuss mailing list
>  > [hidden email] (/user/SendEmail.jtp?type=node&node=25696&i=0)
>  > https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>  >
>  >
>  > If you reply to this email, your message will be added to the
> discussion below:
> http://rabbitmq.1065348.n5.nabble.com/CORS-in-the-mgmt-http-api-tp25693p25696.html
>
>  > To unsubscribe from CORS in the mgmt http api, click here (
>  > NAML
> (http://rabbitmq.1065348.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml)
>
>
>
>
>
> ------------------------------------------------------------------------
> View this message in context: Re: CORS in the mgmt http api
> <http://rabbitmq.1065348.n5.nabble.com/CORS-in-the-mgmt-http-api-tp25693p25697.html>
> Sent from the RabbitMQ mailing list archive
> <http://rabbitmq.1065348.n5.nabble.com/> at Nabble.com.
>
>
> _______________________________________________
> rabbitmq-discuss mailing list
> [hidden email]
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>


--
Simon MacMullen
RabbitMQ, VMware
_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Reply | Threaded
Open this post in threaded view
|

Re: CORS in the mgmt http api

carlhoerberg
Right now on one of my clusters:

Vhosts: 762
Users: 762
Connections: 557
Channels: 1256
Exchanges: 6094
Queues: 3426
Consumers: 1071



The main problem seems to be "sammy", which seems to be blocking the whole event loop while waiting for stuff to load. For instance you can do nothing until the vhost drop down is populated. And at any point there's no response while clicking the tabs, until 10-30 seconds later, when the data for that page is loaded. Api requests seems to be loaded serially not in parallel, while for instance going to the users page, first /api/persmissions is loaded, first when that's done the request to /api/users is issued..