This is not a Horizon issue, this is a deployment issue. Perhaps an opportunity for Fuel installer.
We do already have documented in the security guide that HTTPS should be used: http://docs.openstack.org/security-guide/content/ch025_web- dashboard.html ** Also affects: fuel Importance: Undecided Status: New ** Changed in: horizon Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1412855 Title: Horizon logs in with unencrypted credentials Status in Fuel: OpenStack installer that works: New Status in OpenStack Dashboard (Horizon): Invalid Bug description: Horizon logs-in with unencrypted credentials over HTTP. Steps: 1) Open browser development tools. 2) Log-in to Horizon 3) Find POST request with "/horizon/auth/login" path. Request details: Remote Address:172.16.0.2:80 Request URL:http://172.16.0.2/horizon/auth/login/ Request Method:POST Status Code:302 FOUND Form Data: csrfmiddlewaretoken=ulASpgYAsaikVCWsBxH6kFN2MECpaT9Y®ion=http%3A%2F%2F192.168.0.1%3A5000%2Fv2.0&username=admin&password=admin Actual: security settings are applied on stage of product deployment Expected: use HTTPS by default to improve infrastructure security on stage of installation and deployment. Environment: Fuel "build_id": "2014-12-26_14-25-46","release": "6.0" Dashboard Version: 2014.2 To manage notifications about this bug go to: https://bugs.launchpad.net/fuel/+bug/1412855/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
