yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1458498] [NEW] Authenticated URLs not accepted when Launching stacks

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Sia Gholami <siagholami@xxxxxxxxx>
Date: Mon, 25 May 2015 09:54:30 -0000
Reply-to: Bug 1458498 <1458498@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

When trying to launch a new heat stack from horizon using URL input, the input validation seemingly only accepts a standard URL (e.g. https://domain.com/path/to/template.yaml).
However, if a URL contains login credentials (e.g. https://user:password@xxxxxxxxxx/path/to/template.yaml), the input validation throws "Enter a valid URL". The URL is valid and can be curl'd etc, and while passing credentials like that may not be the safest, in an isolated network it is sometimes done.
Horizon shouldn't prevent these types of URLs being entered.

** Affects: horizon
Importance: Undecided
Status: New

** Tags: heat

** Description changed:

- If trying to launch a new heat stack from horizon, using URL input, the input validation seemingly only accepts a standard URL (e.g. https://domain.com/path/to/template.yaml).
+ When trying to launch a new heat stack from horizon using URL input, the input validation seemingly only accepts a standard URL (e.g. https://domain.com/path/to/template.yaml).
However, if a URL contains login credentials (e.g. https://user:password@xxxxxxxxxx/path/to/template.yaml), the input validation throws "Enter a valid URL". The URL is valid and can be curl'd etc, and while passing credentials like that may not be the safest, in an isolated network it is sometimes done.
Horizon shouldn't prevent these types of URLs being entered.

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1458498

Title:
Authenticated URLs not accepted when Launching stacks

Status in OpenStack Dashboard (Horizon):
New

Bug description:
When trying to launch a new heat stack from horizon using URL input, the input validation seemingly only accepts a standard URL (e.g. https://domain.com/path/to/template.yaml).
However, if a URL contains login credentials (e.g. https://user:password@xxxxxxxxxx/path/to/template.yaml), the input validation throws "Enter a valid URL". The URL is valid and can be curl'd etc, and while passing credentials like that may not be the safest, in an isolated network it is sometimes done.
Horizon shouldn't prevent these types of URLs being entered.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1458498/+subscriptions

Follow ups

[Bug 1458498] Re: Authenticated URLs not accepted when Launching stacks
From: Gary W. Smith, 2017-10-18
[Bug 1458498] [NEW] Authenticated URLs not accepted when Launching stacks
From: Sia Gholami, 2015-05-25

References

[Bug 1458498] [NEW] Authenticated URLs not accepted when Launching stacks
From: Sia Gholami, 2015-05-25