openstack
/
horizon
Code Issues Proposed changes
horizon/horizon
History
Radomir Dopieralski cd4e6db77a
Fix open redirect 
Make sure the "next" URL is in the same origin as Horizon before
redirecting to it.

Conflicts:
	horizon/test/unit/workflows/test_workflows.py

Adapted to work with Django before 1.11 which only has a host argument,
instead of allowed_hosts for django.utils.http.is_safe_url().

Change-Id: I06b2bfc8e3638591615547780c3fa34b0abe19f6
Closes-bug: #1865026
(cherry picked from commit 252467100f)
(cherry picked from commit baa370f843)
(cherry picked from commit 6c208edf32)
(cherry picked from commit 8825407c1b)
 		2020-12-21 14:54:39 +01:00
..
browsers Enable to refresh ngdetails view 2018-02-07 15:19:17 +04:00
conf hacking: noqa cleanup in horizon 2017-03-17 19:38:47 +00:00
contrib Fix H405 (multi line docstring) warnings (horizon) 2017-06-09 16:04:57 +00:00
forms Add render method to ThemableCheckboxSelectMultiple 2018-01-16 15:46:24 +00:00
hacking Eliminate mutable default arguments 2015-12-17 09:58:46 +00:00
locale Imported Translations from Zanata 2018-03-01 07:36:04 +00:00
management pull_catalog: avoid internet access during module loading 2017-11-21 19:43:59 +00:00
middleware operation_log: Mask more password fields by default 2018-02-16 18:31:39 +00:00
static Fix back button on Firefox and Safari 2018-01-31 10:20:02 +00:00
tables Fix actions inside instance details view page 2017-11-17 10:04:04 +00:00
tabs Fix H405 (multi line docstring) warnings (horizon) 2017-06-09 16:04:57 +00:00
templates Merge "Show instance resize and rebuild actions in red" 2017-08-04 11:09:23 +00:00
templatetags Use flake8-import-order plugin 2017-07-03 08:02:23 +00:00
test Fix open redirect 2020-12-21 14:54:39 +01:00
utils Make @memoize thread-aware 2018-06-04 12:34:05 +04:00
workflows Fix open redirect 2020-12-21 14:54:39 +01:00
__init__.py Revert "Enable to refresh ngdetails view" 2017-08-02 18:31:22 +00:00
base.py Fix Angular errors in openstack_auth 2018-03-29 10:49:55 +09:00
context_processors.py Remove extraneous vim configuration comments 2014-05-06 15:30:10 +08:00
decorators.py Views accessible via url even if user doesn't match policy rules 2018-02-09 15:18:11 +01:00
exceptions.py Fix H405 (multi line docstring) warnings (horizon) 2017-06-09 16:04:57 +00:00
karma.conf.js Makes the xstatic files lookup dynamic in the tests 2017-07-27 10:01:33 -04:00
loaders.py hacking: noqa cleanup in horizon 2017-03-17 19:38:47 +00:00
messages.py hacking: noqa cleanup in horizon 2017-03-17 19:38:47 +00:00
notifications.py Ensure log messages are not translated 2017-04-11 10:24:01 +00:00
site_urls.py hacking: noqa cleanup in horizon 2017-03-17 19:38:47 +00:00
themes.py Added SELECTABLE_THEMES setting 2017-07-26 11:52:35 +01:00
version.py Remove extraneous vim configuration comments 2014-05-06 15:30:10 +08:00
views.py Fix H405 (multi line docstring) warnings (horizon) 2017-06-09 16:04:57 +00:00