Possible XSS / clickjacking, missing headers
Bug #1637112 reported by Adam Heczko
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Fuel for OpenStack | Invalid | High | Sergii Rizvan | |
Bug Description
Detailed bug description:
HTTP request to http://
HTTP response code was an expected 200
HTTP header 'Content-Type' was present and matched expectation
HTTP header 'Content-
HTTP header 'X-Frame-Options' not present
Expected results:
Send the HTTP response headers with X-Frame-Options that instruct the browser to restrict framing where it is not allowed.
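The check described in the report can be reproduced offline. This is an added example, not part of the bug report or of Fuel's code; it goes beyond the report by also checking the CSP `frame-ancestors` directive. The function names and sample responses are constructed for illustration.

```python
# Added example: audit a raw HTTP/1.x response for anti-framing headers.
# All names and sample responses here are constructed for illustration.

VALID_XFO = {"DENY", "SAMEORIGIN"}  # ALLOW-FROM is obsolete in current browsers

def parse_response(raw):
    """Return (status_code, {lowercased header name: [values]})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def audit_framing(raw):
    """Report whether the response restricts framing, and what is missing."""
    status, headers = parse_response(raw)
    findings = []
    xfo = [v.upper() for v in headers.get("x-frame-options", [])]
    xfo_ok = bool(xfo) and all(v in VALID_XFO for v in xfo)
    if not xfo:
        findings.append("HTTP header 'X-Frame-Options' not present")
    elif not xfo_ok:
        findings.append("X-Frame-Options value not recognised: " + ", ".join(xfo))
    # Each CSP header is a ';'-separated directive list; look for a
    # frame-ancestors directive that does not allow every origin.
    directives = [d.split() for h in headers.get("content-security-policy", [])
                  for d in h.split(";")]
    csp_ok = any(d and d[0].lower() == "frame-ancestors" and "*" not in d[1:]
                 for d in directives)
    if not csp_ok:
        findings.append("CSP 'frame-ancestors' restriction not present")
    return {"status": status, "protected": xfo_ok or csp_ok, "findings": findings}

# Constructed sample responses
MISSING = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
OBSOLETE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "X-Frame-Options: ALLOW-FROM https://portal.example\r\n\r\n")
HARDENED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "X-Frame-Options: SAMEORIGIN\r\n"
            "Content-Security-Policy: default-src 'self'; frame-ancestors 'self'\r\n\r\n")

if __name__ == "__main__":
    for name, raw in (("missing", MISSING), ("obsolete", OBSOLETE), ("hardened", HARDENED)):
        print(name, audit_framing(raw))
```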
Changed in fuel: | |
importance: | Undecided → High |
assignee: | nobody → MOS Maintenance (mos-maintenance) |
Changed in fuel: | |
assignee: | MOS Maintenance (mos-maintenance) → Sergii Rizvan (srizvan) |
Changed in fuel: | |
status: | Triaged → Invalid |
milestone: | 8.0-mu-4 → 8.0-updates |
http://10.226.6.13:10000/login.jsp is not a Fuel endpoint. Most likely this bug report is invalid and not related to Fuel.