@Stuart
I don't think we should make the registry client send headers. After some more digging I definitely agree there's no security issue here. Keystone's middleware doesn't accept external `X-Tenant-Id` to begin with, which means that whatever we'd send to the registry server could be gathered by the keystone middleware again on the registry side.
I don't think this is a security issue at all. Furthermore, I don't think there's a bug here. AFAICT, it can't be reproduced.