remove token from notifier middleware

oslo-incubator sync to address the security bug
in middleware (as below).

notifier middleware is capturing token and sending it to MQ. this
is not advisable so we should filter it out.

Change-Id: Ia1bfa1bd24989681db1d2f385defc12e69a01f8d
Closes-Bug: #1321080
This commit is contained in:
Grant Murphy 2014-06-23 05:07:54 +00:00
parent a2c909ca4b
commit 264f3b0d96
2 changed files with 2 additions and 2 deletions

View File

@ -1,6 +1,6 @@
# vim: tabstop=4 shiftwidth=4 softtabstop=4 # vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright (c) 2013 OpenStack LLC. # Copyright (c) 2013 OpenStack Foundation
# All Rights Reserved. # All Rights Reserved.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may # Licensed under the Apache License, Version 2.0 (the "License"); you may

View File

@ -66,7 +66,7 @@ class RequestNotifier(base.Middleware):
""" """
return dict((k, v) for k, v in environ.iteritems() return dict((k, v) for k, v in environ.iteritems()
if k.isupper()) if k.isupper() and k != 'HTTP_X_AUTH_TOKEN')
@log_and_ignore_error @log_and_ignore_error
def process_request(self, request): def process_request(self, request):