Alex Figueiredo 2f7492a0b1 [horizon] fix https login
When the stx-openstack is deployed with https enabled (certificate and
domain_name setup), the horizon login is failing and the following
message is displayed: "Cookies may be turned off. Make sure cookies are
enabled and try again". Checking the horizon log, it's possible to see that
the auth request is failing with "Origin checking failed".

This is happening because the Django version used by horizon was upversioned
from Django 3.2 to Django 4.2 for stx-openstack caracal [1]. After
version 4.0, the CSRF protection implemented by Django consults the Origin
header and requires the CSRF_TRUSTED_ORIGINS config to be defined [2].

To fix this issue, this change cherry-picks the changes [3] and [4]
already merged to the openstack-helm repos, and updates the horizon
plugin to dynamically set the CSRF_TRUSTED_ORIGINS config based on the
current definitions for endpoint_domain and serviceEndpointPattern [5].

[1] https://review.opendev.org/c/starlingx/root/+/940739
[2] https://docs.djangoproject.com/en/4.2/releases/4.0/#csrf
[3] https://review.opendev.org/c/openstack/openstack-helm/+/922755
[4] https://review.opendev.org/c/openstack/openstack-helm/+/922973
[5] https://review.opendev.org/c/starlingx/openstack-armada-app/+/931836

Test Plan:
[PASS] build stx-openstack tarball

HTTPS Test Case:
[PASS] install openstack with certificate and domain_name setup
[PASS] Access horizon via fqdn (e.g.: https://horizon-<domain>.com/)

HTTP Test Case:
[PASS] install openstack without certificate and domain_name setup
[PASS] Access horizon via ip:port (e.g.: http://<ip>:<port>/)

Closes-Bug: #2103799

Change-Id: Icd4820e16c1faa9247dd675b1dc24f6e5a343a25
Signed-off-by: Alex Figueiredo <alex.fernandesfigueiredo@windriver.com>
2025-03-21 15:39:02 -03:00
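
The Origin check that the commit message refers to, as an added example that is not part of this change or of Django's source: a simplified stand-alone model of the Django 4.x decision, showing why an HTTPS login is rejected until the origin is listed in CSRF_TRUSTED_ORIGINS. It assumes TLS is terminated in front of Horizon, so Django sees the login POST as plain HTTP; the function names, host name and address are constructed for illustration.

```python
from urllib.parse import urlsplit


def is_same_domain(host, pattern):
    """Exact match, or subdomain match when the pattern starts with a dot."""
    pattern = pattern.lower()
    return pattern == host or (
        pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:])
    )


def split_trusted(trusted_origins):
    """Split CSRF_TRUSTED_ORIGINS into exact origins and per-scheme wildcard hosts."""
    exact, wildcard = set(), {}
    for origin in trusted_origins:
        if "://" not in origin:
            # Django >= 4.0 requires every entry to carry its scheme.
            raise ValueError(f"{origin!r} must start with a scheme")
        if "*" in origin:
            parts = urlsplit(origin)
            wildcard.setdefault(parts.scheme, []).append(parts.netloc.lstrip("*"))
        else:
            exact.add(origin)
    return exact, wildcard


def origin_verified(origin_header, host, is_secure, trusted_origins=()):
    """Return True if a POST carrying this Origin header passes the check."""
    # 1. Same origin, judged by the scheme and host Django itself sees.
    if origin_header == f"{'https' if is_secure else 'http'}://{host}":
        return True
    # 2. Otherwise the origin must be listed, exactly or through a wildcard.
    exact, wildcard = split_trusted(trusted_origins)
    if origin_header in exact:
        return True
    try:
        parsed = urlsplit(origin_header)
    except ValueError:
        return False
    return any(is_same_domain(parsed.netloc, h) for h in wildcard.get(parsed.scheme, ()))


# Constructed sample values (assumptions, not taken from the change).
FQDN = "horizon.example.com"
BROWSER_ORIGIN = f"https://{FQDN}"
```

A wildcard entry only matches origins with the same scheme, so trusting `http://*.example.com` does not admit an `https://` origin.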

This repo is for https://github.com/openstack/openstack-helm

Changes to this repo are needed for StarlingX and those changes are not yet merged. Rather than clone and diverge the repo, the repo is extracted at a particular git SHA, and patches are applied on top.

As those patches are merged, the SHA can be updated and the local patches removed.