Navigation Menu

Skip to content

Commit

Permalink
Do not return location in headers
Browse files Browse the repository at this point in the history 
In some cases credentials were being leaked when downloading a cached
v1 image.

Fixes bug 1135541, CVE-2013-1840

Change-Id: Ib16ad40d3ea1c642384053be54ce029c386d7ea6
  • Loading branch information
Stuart McLaren committed Mar 14, 2013
1 parent 37d4d96 commit 74b067d
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions glance/api/middleware/cache.py
View file
Expand Up @@ -79,6 +79,9 @@ def process_request(self, request):
context = request.context
try:
image_meta = registry.get_image_metadata(context, image_id)
# Don't display location
if 'location' in image_meta:
del image_meta['location']

if not image_meta['size']:
# override image size metadata with the actual cached
Expand Down

0 comments on commit 74b067d

Please sign in to comment.