[Openstack-security] [openstack/nova] SecurityImpact review request change Ica6ec23d6f69a236657d5ba0c3f51b693c633649
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Wed Mar 11 21:16:33 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/163033
Log:
commit d02b258d24355768ddf4bf3b1f6016b7affc65b2
Author: Dave McCowan <dmccowan at cisco.com>
Date: Mon Mar 2 15:00:22 2015 -0500
Websocket Proxy should verify Origin header
If the Origin HTTP header passed in the WebSocket handshake does
not match the host, this could indicate an attempt at a
cross-site attack. This commit adds a check to verify
the origin matches the host.
SecurityImpact
Change-Id: Ica6ec23d6f69a236657d5ba0c3f51b693c633649
Closes-Bug: 1409142
More information about the Openstack-security
mailing list