yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1458498] Re: Authenticated URLs not accepted when Launching stacks

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: "Gary W. Smith" <gary.smith@xxxxxxxx>
Date: Wed, 18 Oct 2017 14:45:02 -0000
Reply-to: Bug 1458498 <1458498@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Per RFC 7230 (section A.2), username and password are disallowed in
http/https URIs due to security issues.

** Changed in: horizon
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1458498

Title:
  Authenticated URLs not accepted when Launching stacks

Status in OpenStack Dashboard (Horizon):
  Won't Fix

Bug description:
  When trying to launch a new heat stack from horizon using URL input, the input validation seemingly only accepts a standard URL (e.g. https://domain.com/path/to/template.yaml).
  However, if a URL contains login credentials (e.g. https://user:password@xxxxxxxxxx/path/to/template.yaml), the input validation throws "Enter a valid URL". The URL is valid and can be curl'd etc, and while passing credentials like that may not be the safest, in an isolated network it is sometimes done.
  Horizon shouldn't prevent these types of URLs being entered.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1458498/+subscriptions

References

[Bug 1458498] [NEW] Authenticated URLs not accepted when Launching stacks
From: Sia Gholami, 2015-05-25