yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1819423] [NEW] Horizon does not support CSRF_COOKIE_HTTPONLY option

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Vadym Markov <1819423@xxxxxxxxxxxxxxxxxx>
Date: Mon, 11 Mar 2019 08:58:05 -0000
Reply-to: Bug 1819423 <1819423@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Steps to reproduce:
Deploy Openstack, Devstack Pike is enough 

add following option into /etc/openstack-dashboard/local_settings.py :

CSRF_COOKIE_HTTPONLY = True

Restart Apache

Expected result:

Horizon works

Actual result:
Several issues appear in Horizon. Request to /api/policy returns 403, and "Policy check failed" warning displayed. At least "Launch instance" and "Create image" dashboards are affected

** Affects: horizon
     Importance: Undecided
         Status: New

** Attachment added: "Screen Shot 2018-11-09 at 12.52.45 PM.png"
   https://bugs.launchpad.net/bugs/1819423/+attachment/5245358/+files/Screen%20Shot%202018-11-09%20at%2012.52.45%20PM.png

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1819423

Title:
  Horizon does not support CSRF_COOKIE_HTTPONLY option

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  Steps to reproduce:
  Deploy Openstack, Devstack Pike is enough 

  add following option into /etc/openstack-dashboard/local_settings.py :

  CSRF_COOKIE_HTTPONLY = True

  Restart Apache

  Expected result:

  Horizon works

  Actual result:
  Several issues appear in Horizon. Request to /api/policy returns 403, and "Policy check failed" warning displayed. At least "Launch instance" and "Create image" dashboards are affected

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1819423/+subscriptions

Follow ups

[Bug 1819423] Re: Horizon does not support CSRF_COOKIE_HTTPONLY option
From: OpenStack Infra, 2019-03-12