Per RFC 7230 (section A.2), username and password are disallowed in
http/https URIs due to security issues.
** Changed in: horizon
Status: New => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1458498
Title:
Authenticated URLs not accepted when Launching stacks
Status in OpenStack Dashboard (Horizon):
Won't Fix
Bug description:
When trying to launch a new heat stack from horizon using URL input, the
input validation seemingly only accepts a standard URL (e.g.
https://domain.com/path/to/template.yaml).
However, if a URL contains login credentials (e.g.
https://user:passw...@domain.com/path/to/template.yaml), the input validation
throws "Enter a valid URL". The URL is valid and can be curl'd etc, and while
passing credentials like that may not be the safest, in an isolated network it
is sometimes done.
Horizon shouldn't prevent these types of URLs being entered.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1458498/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
