[Openstack-security] [Bug 1625833] Re: Prevent open redirects as a result of workflow action
OpenStack Infra
1625833 at bugs.launchpad.net
Mon Apr 3 16:21:43 UTC 2017
** Changed in: horizon
Assignee: (unassigned) => Julie Gravel (julie-gravel)
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1625833
Title:
Prevent open redirects as a result of workflow action
Status in OpenStack Dashboard (Horizon):
In Progress
Status in OpenStack Security Advisory:
Won't Fix
Bug description:
For example:
/admin/flavors/create/?next=http://www.foobar.com/
If a user is tricked into clicking that link, the flavor create
workflow will be shown, but the redirect on form post will
unexpectedly take the user to another site.
Prevent this by checking that the next_url in WorkflowView.post is
same origin.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1625833/+subscriptions
More information about the Openstack-security
mailing list