This patch fixes the Cross-Site Request Forgery (CSRF) attack against
the keypair generation pages:
- HORIZON_URL/project/key_pairs/PAIRNAME/generate/
- HORIZON_URL/project/key_pairs/PAIRNAME/download/
These pages exposed creating and/or overwriting a keypair with a given
name via a CSRF attack.
This patch closes these holes by using only POST-based keypair creation,
and exposing the keypair in the contents of a modal dialog instead of a
download, which ultimately requires a GET. It uses the same client-side
features for both the Launch Instance keypair creation and Compute / Key
Pairs panel.
Closes-Bug: 1575913
Change-Id: Ie5ca28ff2bd806eb1481eba6f419b797b68856b6
d07fedc45f