Return an HTTP Forbidden code (403) instead of an
HTTP Not Found code (404) if a tenant is trying to
update its own object. This is a safe adjustment
since the tenant already knows this object exists
so pretending it doesn't isn't improving security
as much as it is causing confusion.
Reviewed: https://review.openstack.org/112150
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=cfea218390605e2fe34b225ffa75b8b5c141f0b9
Submitter: Jenkins
Branch: master
commit cfea218390605e2fe34b225ffa75b8b5c141f0b9
Author: Kevin Benton <email address hidden>
Date: Thu Jul 31 18:13:52 2014 -0700
Return 403 instead of 404 on attr policy failures
Return an HTTP Forbidden code (403) instead of an
HTTP Not Found code (404) if a tenant is trying to
update its own object. This is a safe adjustment
since the tenant already knows this object exists
so pretending it doesn't isn't improving security
as much as it is causing confusion.
Closes-Bug: #1352907
Change-Id: I021ba6f890dfbabddd53e75c63083f5da0ecfdec
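
The status-code choice described in the commit message, as an added sketch that is not Neutron's code: a 404 hides objects the caller cannot see, while a 403 is returned when the owner fails an attribute policy check. The names `Resource`, `ADMIN_ONLY_ATTRS` and `update_status`, and the sample data, are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Resource:
    id: str
    tenant_id: str


# Constructed policy: attributes that only an admin may change.
ADMIN_ONLY_ATTRS = frozenset({"shared"})

# Constructed sample data standing in for the object store.
STORE = {"net-1": Resource(id="net-1", tenant_id="tenant-a")}


def update_status(store, caller_tenant, is_admin, resource_id, changes):
    """Return the HTTP status an update request should receive."""
    res = store.get(resource_id)
    if res is None:
        return 404
    if not (is_admin or res.tenant_id == caller_tenant):
        # The caller cannot see this object. A 403 here would confirm
        # that the ID exists, so the response matches a missing object.
        return 404
    if not is_admin and any(attr in ADMIN_ONLY_ATTRS for attr in changes):
        # The owner already knows the object exists, so a 403 discloses
        # nothing and tells the caller the real reason for the failure.
        return 403
    return 200
```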