Loading...

XML

Word

Printable

Epic Name:
Restrict ALLOWED_HOSTS for Horizon access
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Parent Link:
OSPRH-811Red Hat OpenStack 18.0 Greenfield Deployment
Color Status:
Not Selected
Dev Approval:
Proposed
Docs Approval:
No Docs Impact
Epic Status:
To Do
Feature Link:
OSPRH-811 - Red Hat OpenStack 18.0 Greenfield Deployment
PM Approval:
Proposed
QE Approval:
Proposed
Hierarchy Progress Bar:

0% To Do, 0% In Progress, 100% Done
Release Note Text:

Hide
.Host spoofing protective measure

Before this update, the hosts configuration option was not populated with the minimum hosts necessary to protect against host spoofing.

With this update, the hosts configuration option is now correctly populated.

Show
.Host spoofing protective measure Before this update, the hosts configuration option was not populated with the minimum hosts necessary to protect against host spoofing. With this update, the hosts configuration option is now correctly populated.
Release Note Type:
Bug Fix
Release Note Status:
Done
Test Coverage:

Rejected
Intelligence Requested:
Market:

We currently set `ALLOWED_HOSTS=*`. This is a vulnerability regression and should be limited to only the hosts that should be served by Django:
https://docs.djangoproject.com/en/5.0/ref/settings/#allowed-hosts

This was originally changed to ensure that the liveness check would not fail, since the liveness check accesses the server using the IP address of the pod and is random each time a pod is created:
https://github.com/openstack-k8s-operators/horizon-operator/commit/842186a5d26a96c1b78be8e7925ee6f9b74aa7de