Reviewed: https://review.openstack.org/642397 Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=e37a508636f78a08cc750dccd9a9e85141c492c8 Submitter: Zuul Branch: master
commit e37a508636f78a08cc750dccd9a9e85141c492c8 Author: vmarkov <[email protected]> Date: Wed Mar 6 16:57:09 2019 +0200 Implement CSRF_COOKIE_HTTPONLY option support Proposed patch allows passing of CSRF token as hidden input in template. Without it, turning on of CSRF_COOKIE_HTTPONLY severely degrades Horizon functionality. Change-Id: I1b1db496c31e6c64d0c205189e845c2cc0c09184 Closes-bug: #1819423 ** Changed in: horizon Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1819423 Title: Horizon does not support CSRF_COOKIE_HTTPONLY option Status in OpenStack Dashboard (Horizon): Fix Released Bug description: Steps to reproduce: Deploy Openstack, Devstack Pike is enough add following option into /etc/openstack-dashboard/local_settings.py : CSRF_COOKIE_HTTPONLY = True Restart Apache Expected result: Horizon works Actual result: Several issues appear in Horizon. Request to /api/policy returns 403, and "Policy check failed" warning displayed. At least "Launch instance" and "Create image" dashboards are affected To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1819423/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
