When I commented out those two options in my Horizon local_settings I was able to get in. We should fix that, although I suspect non-SSL Horizon is a fairly rare use case in the real world. As long as we support non-SSL deployments they should work as expected though.
Looks like the CSRF problem is that if you deploy without SSL we configure Horizon in a broken way. Details in https:/ /ask.openstack. org/en/ question/ 56838/solaris- 112-openstack- csrf-verificati on-failed/
When I commented out those two options in my Horizon local_settings I was able to get in. We should fix that, although I suspect non-SSL Horizon is a fairly rare use case in the real world. As long as we support non-SSL deployments they should work as expected though.