OpenStack Security Advisory

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #1256983
Comment #22

Comment 22 for bug 1256983

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-12-12: Fix merged to heat (master)

#22

Reviewed: https://review.openstack.org/61455
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=759ee38c53a5e469b8333856e60a0827175457e7
Submitter: Jenkins
Branch: master

commit 759ee38c53a5e469b8333856e60a0827175457e7
Author: Steven Hardy <email address hidden>
Date: Mon Dec 2 23:59:19 2013 +0000

Deny API requests where context doesn't match path

    We shouldn't overwrite the context tenant_id (which comes from the
    scope of the auth_token) with that from the path, instead raise a
    HTTPForbidden exception if the path-provided tenant_id doesn't match
    the context.

Change-Id: Ib6fb9881103312f7492081a20178f12309f35d81
Closes-Bug: #1256983