Do not return location in headers
In some cases credentials were being leaked when downloading a cached v1 image. Fixes bug 1135541, CVE-2013-1840 Change-Id: Ib16ad40d3ea1c642384053be54ce029c386d7ea6
This commit is contained in:
parent
37d4d96bf8
commit
74b067df97
|
@ -79,6 +79,9 @@ class CacheFilter(wsgi.Middleware):
|
|||
context = request.context
|
||||
try:
|
||||
image_meta = registry.get_image_metadata(context, image_id)
|
||||
# Don't display location
|
||||
if 'location' in image_meta:
|
||||
del image_meta['location']
|
||||
|
||||
if not image_meta['size']:
|
||||
# override image size metadata with the actual cached
|
||||
|
|
Loading…
Reference in New Issue