Merge "Horizon: HTTP Verb Tampering vulnerability fix"

This commit is contained in:
Zuul 2018-10-01 07:34:14 +00:00 committed by Gerrit Code Review
commit 653ee1330b
2 changed files with 5 additions and 0 deletions

View File

@ -27,6 +27,8 @@ function start () {
# wsgi/horizon-http needs open files here, including secret_key_store
chown -R horizon ${SITE_PACKAGES_ROOT}/openstack_dashboard/local/
a2enmod rewrite
if [ -f /etc/apache2/envvars ]; then
# Loading Apache2 ENV variables
source /etc/apache2/envvars

View File

@ -74,6 +74,9 @@ conf:
WSGIProcessGroup horizon-http
WSGIScriptAlias / /var/www/cgi-bin/horizon/django.wsgi
WSGIPassAuthorization On
RewriteEngine on
RewriteCond %{REQUEST_METHOD} !^(POST|PUT|GET|DELETE)
RewriteRule .* - [F]
<Location "/">
Require all granted