Comment 14 for bug 1308413
Revision history for this message
| Flavio Percoco (flaper87) wrote Re: Missing x-tenant-id header to registry will return all images while using v2 api with registry | #14 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
@Stuart
I don't think we should make the registry client send headers. After some more digging I definitely agree there's no security issue here. Keystone's middleware doesn't accept external `X-Tenant-Id` to begin with, which means that whatever we'd send to the registry server could be gathered by the keystone middleware again in the registry side.
I don't think this is a security issue at all. Furthermore, I don't think there's a bug here. AFAICT, it can't be reproduced.