Ok. Thanks for taking a look.
From: David Stanek [dsta...@dstanek.com]
Sent: Wednesday, July 06, 2016 5:36 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [security] [horizon] Security implications of
By caching, do you mean not persisting it in local storage or a cookie? Would
it be okay to store in a variable in browser memory for the duration of the
session to be used with subsequent API requests?
On 7/6/16, 6:36 PM, "David Stanek" wrote:
On 07/01 at 19:41, Fox, Kevin M wrote:
> Hi David,
> How do you feel about the approach here:
> It lets the existing angular js module:
> access the current token via
How do you feel about the approach here:
It lets the existing angular js module:
access the current token via getCurrentUserSession().token
On 06/29 at 21:10, Timur Sufiev wrote:
> Hello, vigilant folks of OpenStack Security team!
> The commit(s) I'd like you to take a look at introduces a new Horizon
> feature, Create (Glance) Image using CORS (AKA Cross-Origin Resource
> Sharing).
> The main idea is to bypass Horizon
I am not sure if this is a valid concern. If I am using a CLI and someone gets access to my computer, they can do whatever they well please. If I am using Horizon and someone gets access, it's going to be the same story, they can still do damage even without knowing the token (at least until the
Ah. I was going to bring this up eventually but hadn't gotten to it yet.
I started up a patch for adding similar support for horizon here:
My intention is to use it to make a Horizon Plugin to speak to a Keystone
authenticated Kubernetes api directly.
Hello, vigilant folks of OpenStack Security team!
The commit(s) I'd like you to take a look at introduces a new Horizon
feature, Create (Glance) Image using CORS (AKA Cross-Origin Resource
The main idea is to bypass Horizon web-server when uploading large local
image and to send it