Reviewed:  https://review.openstack.org/593650
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=16c4f4c3a294040bb87386156dab49f2b782ce21
Submitter: Zuul
Branch:    master

commit 16c4f4c3a294040bb87386156dab49f2b782ce21
Author: Radomir Dopieralski <openst...@sheep.art.pl>
Date:   Mon Aug 20 16:41:30 2018 +0200

    Don't expose endpoint URLs in the login form

    Instead of using endpoint URLs to designate regions in the login
    form and its cookies, use numbers. This way, if internal URLs
    are configured, they won't be exposed to the outside.

    Change-Id: Ifed089e7cee3075bf2dc5d1ce77b0e1b1d091ca0
    Closes-bug: #1787943

** Changed in: horizon
       Status: New => Fix Released

https://bugs.launchpad.net/bugs/1787943

Title:
  Internal endpoint address revealed in a cookie

Status in django-openstack-auth:
  New
Status in OpenStack Dashboard (Horizon):
  Fix Released

Bug description:
  When the user logs in, django-openstack-auth sets a "login_region"
  key in the cookie to the value of the internal Keystone address. This
  is a potential security problem, as information about the internal
  addresses is leaked to the outside.
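
The approach in the commit message above (numbers instead of endpoint URLs in the login form and the "login_region" cookie), sketched as an added example that is not Horizon's or django-openstack-auth's code. The REGIONS list, its hostnames and all function names are assumptions made for illustration.

```python
# Constructed sample config: (endpoint URL, display name) pairs kept on the
# server. The hostnames are made up for this example.
REGIONS = [
    ("http://keystone-a.internal.example:5000/v3", "Region A"),
    ("http://keystone-b.internal.example:5000/v3", "Region B"),
]
DEFAULT_REGION = 0


def leaky_choices(regions):
    """Before: the form option value (and later the cookie) is the URL."""
    return [(url, name) for url, name in regions]


def safe_choices(regions):
    """After: the option value is only the position in the server-side list."""
    return [(str(i), name) for i, (_url, name) in enumerate(regions)]


def resolve_region(submitted, regions, default=DEFAULT_REGION):
    """Map a client-supplied value back to an endpoint on the server.

    The value comes from a form field or cookie, so it is untrusted:
    anything that is not a valid index falls back to the default region.
    """
    try:
        index = int(submitted)
    except (TypeError, ValueError):
        index = default
    if not 0 <= index < len(regions):
        index = default
    return index, regions[index][0]


def login_region_cookie(submitted, regions):
    """Build the cookie pair from the validated index, never from the URL."""
    index, _endpoint = resolve_region(submitted, regions)
    return "login_region=%d" % index


def client_visible(choices, cookie):
    """Everything the browser sees: the option values plus the cookie."""
    return " ".join(value for value, _name in choices) + " " + cookie


if __name__ == "__main__":
    print(client_visible(safe_choices(REGIONS), login_region_cookie("1", REGIONS)))
```

The numbers are positions in the configured list, so reordering that list changes which region a previously stored cookie selects.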