** Also affects: horizon
Importance: Undecided
Status: New
** No longer affects: openstack-manuals
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1431458
Title:
Incorrect link/terminology on Deploying Horizon page
Status in OpenStack Dashboard (Horizon):
New
Bug description:
On this page:
https://github.com/openstack/horizon/blob/master/doc/source/topics/deployment.rst
, towards the bottom in "Secure Site Recommendations", the text says
"To help protect the session cookies from cross-site scripting add the
following" and then proceeds to document settings which set the
cookies to "secure".
Preventing from cross-site scripting is done by another cookie
setting, HttpOnly. The link in this text also refers to OWASP
HttpOnly.
Ideally sensitive cookies like sessionid and csrf tokens will be
protected by both settings. In any case these two cookie options
should be mentioned separately as they are both important and serve
different purposes.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1431458/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
