Ok. Thanks for taking a look. Kevin ________________________________________ From: David Stanek [dstanek at dstanek.com] Sent: Wednesday, July 06, 2016 5:36 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [security] [horizon] Security implications of exposing a keystone token to a JS client On 07/01 at 19:41, Fox, Kevin M wrote: > Hi David, > > How do you feel about the approach here: > https://review.openstack.org/#/c/311189/ > > Its lets the existing angular js module: > horizon.app.core.openstack-service-api.keystone > > access the current token via getCurrentUserSession().token > Hey Kevin, It's hard to tell without a lot of the context. From what I can tell the token is pulled down as part of the data of an API request. As long as that's not cached I think you are OK. -- David Stanek web: http://dstanek.com blog: http://traceback.org __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev