API returns 401 for /v2.1 (when no auth provided)
Bug #1862477 reported by
Radosław Piliszek
This bug report is a duplicate of:
Bug #1845530: Versioned discovery endpoint should not require authentication.
Edit
Remove
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
As the subject goes, nova-api returns 401 for /v2.1 (when no auth provided). This is far from sensitive information as it is revealed on / which does not return 401.
I discovered this debugging js-openstack-lib.
This is not a problem for other tested services (neutron, glance) as they are registered w/o version in catalog.
(please let me know if this is actually desired behavior)
tags: | added: api |
To post a comment you must log in.
With a valid token: 192.168. 121.129/ compute/ v2.1 -> returns 302 192.168. 121.129/ compute/ v2.1/ -> returns the version document 192.168. 121.129/ compute -> returns the version document 192.168. 121.129/ compute/ -> returns the version document
* GET http://
* GET http://
* GET http://
* GET http://
Without token 192.168. 121.129/ compute/ v2.1 -> 401 192.168. 121.129/ compute/ v2.1/ -> 401 192.168. 121.129/ compute -> returns the version document 192.168. 121.129/ compute/ -> returns the version document
* GET http://
* GET http://
* GET http://
* GET http://
So this still seems to be inconsistent