Internal endpoint address revealed in a cookie
Bug #1787943 reported by
Radomir Dopieralski
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
Fix Released
|
Undecided
|
Radomir Dopieralski | ||
django-openstack-auth |
New
|
Undecided
|
Radomir Dopieralski |
Bug Description
When the user logs in, django-
Changed in django-openstack-auth: | |
assignee: | nobody → Radomir Dopieralski (deshipu) |
Changed in horizon: | |
assignee: | nobody → Radomir Dopieralski (deshipu) |
To post a comment you must log in.
The code responsible for this is here: /github. com/openstack/ django_ openstack_ auth/blob/ stable/ ocata/openstack _auth/views. py#L108- L109
https:/
We should probably encrypt the value somehow before setting it.