2ffcf18d00
Related-bug: 1409142 As part of the fix for the related bug - we've added protocol checking to mitigate MITM attacks, however we base protocol checking on a config option that is normally only intended for compute hosts. This is quite user hostile, as it is now important that all nodes running compute and proxy services have this option in sync. We can do better than that - we can persist the URL the client is expected to use, and once we get it back on token validation, we can make sure that the request is using the intended protocol, mitigating the MITM injected script attacks. This patch makes sure that the access_url is persisted with the token - the follow-up patch makes consoles use that info. Change-Id: I02a377f54de46536ca35413b615d3298967afc33 |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| test_consoleauth.py | ||
| test_rpcapi.py | ||