Comment 14 for bug 1440958

OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/180343
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=b48c820e3015a0d6264df6a0a87bf1a3dbea61c4
Submitter: Jenkins
Branch: master

commit b48c820e3015a0d6264df6a0a87bf1a3dbea61c4
Author: Lin Hua Cheng <email address hidden>
Date: Tue May 5 22:33:24 2015 +0000

    Revert "Loosen validation on matching trusted dashboard"

    Loosening the validation introduces a security hole for unvalidated redirect.

    For example: redirect_url=http://dashboard/sso?next=http://hacksite

    This reverts commit fb6920e5fe1fef2fa32afe602d2bf93f18d48a3f.

    Change-Id: I7e85b2b879f4c66c3664e8610d3ddbb999a5ac75
    Closes-Bug: #1440958
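
The difference between strict and loosened matching, shown on the URL from the commit message. This is an added example, not keystone's code: the allow-list is constructed, and the loosened check (comparing scheme, host and path only) is a hypothetical stand-in, since the reverted code is not shown on this page.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed allow-list of trusted dashboard URLs (assumption for this example).
TRUSTED_DASHBOARDS = ["http://dashboard/sso"]


def is_trusted_strict(redirect_url, trusted=TRUSTED_DASHBOARDS):
    """Exact match: the whole URL, query string included, must be listed."""
    return redirect_url in trusted


def is_trusted_loosened(redirect_url, trusted=TRUSTED_DASHBOARDS):
    """Hypothetical loosened check: scheme, host and path only.
    Whatever follows '?' is accepted without validation."""
    parts = urlsplit(redirect_url)
    return f"{parts.scheme}://{parts.netloc}{parts.path}" in trusted


def foreign_targets(redirect_url):
    """Query values that are absolute URLs pointing at a different host."""
    parts = urlsplit(redirect_url)
    found = []
    for values in parse_qs(parts.query).values():
        for value in values:
            inner = urlsplit(value)
            if inner.scheme and inner.netloc and inner.netloc != parts.netloc:
                found.append(value)
    return found


def audit(urls):
    """URLs the loosened check accepts although the strict check rejects them."""
    return [u for u in urls if is_trusted_loosened(u) and not is_trusted_strict(u)]


SAMPLES = [
    "http://dashboard/sso",                       # listed dashboard URL
    "http://dashboard/sso?next=http://hacksite",  # URL from the commit message
    "http://hacksite/sso",                        # constructed: different host
]

if __name__ == "__main__":
    for url in audit(SAMPLES):
        print("accepted only by loosened check:", url, "->", foreign_targets(url))
```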