)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":1736,"name":"Ivan Kolodyazhny","email":"e0ne@e0ne.info","username":"e0ne"},"change_message_id":"92c236d38f3fdc25adc9e710aa4b39d0ae9b675b","unresolved":false,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"By using OPENSTACK_KEYSTONE_URL instead of the HTTP_REFERRER"},{"line_number":10,"context_line":"the authentication request between Horizon and Keystone continues"},{"line_number":11,"context_line":"to work in situations where the HTTP_REFERRER is an external keystone"},{"line_number":12,"context_line":"endpoint that Horizon does not have access to."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Change-Id: I9c5c8d59c5f5a8570dbb563ae224d45406a73ba5"},{"line_number":15,"context_line":"Closes-bug: #1874705"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"ff570b3c_60804df6","line":12,"range":{"start_line":11,"start_character":32,"end_line":12,"end_character":45},"updated":"2020-05-20 12:23:22.000000000","message":"Can use internal endpoint in the horizon configuration? Will it fix your issue?","commit_id":"27a16a24ae71e965d367b574ce91c84961eccdf5"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":29313,"name":"Vishal Manchanda","email":"manchandavishal143@gmail.com","username":"vishalmanchanda"},"change_message_id":"a987667f6f26166f987799140574558b39ede1df","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"6b77fe20_538fe439","updated":"2021-12-23 05:22:43.000000000","message":"LGTM.","commit_id":"510a08ccb125f4cad5c5ce9867a1863de4f8bef9"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"cf1ec81051243f68b3bed98621639e88fda395c6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"8459c19c_3a0bdc86","updated":"2021-12-17 14:18:05.000000000","message":"Would be really great to be able to review/merge this patch as operators have legitimate requirements to run their control planes completely isolated from any external networks. Notably, devstack makes no effort to provide this isolation so situations which deployers face are never seen in openstack development/CI scenarios.\n\nIn this scenario it is not possible to configure horizon to use the internal endpoint, because with isolated networks the external keystone endpoints are correct for the client client browser, but horizon itself is communicating with keystone over the internal endpoint. This kind of split configuration is not possible with the current config options for horizon/websso.\n\nIn our case the fully isolated control plane behind internet facing external endpoints has provided us an excellent guard for our adjacent ELK stack against the recent log4j vulnerabilities which rely on being able to make outbound requests. I hope this provides context about why this patch is important to some operators.","commit_id":"510a08ccb125f4cad5c5ce9867a1863de4f8bef9"},{"author":{"_account_id":29313,"name":"Vishal Manchanda","email":"manchandavishal143@gmail.com","username":"vishalmanchanda"},"change_message_id":"1e110df1b74dd28d59a592b2aac2b759b599c226","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"20df8e1e_f01f5288","updated":"2022-01-12 08:41:21.000000000","message":"Considering Last P.S already have two +2 and current P.S. only removing a space in release note.\nSo approving it.","commit_id":"33292ca0a467637971c73f420166b4077e941e20"}],"doc/source/configuration/settings.rst":[{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"2a6dbeac5b3eb2ab938bbf90d87b4721b3500494","unresolved":true,"context_lines":[{"line_number":1718,"context_line":"WEBSSO_USE_HTTP_REFERER"},{"line_number":1719,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":1720,"context_line":""},{"line_number":1721,"context_line":".. versionadded:: 19.3.0(Wallaby)"},{"line_number":1722,"context_line":""},{"line_number":1723,"context_line":"Default: ``True``"},{"line_number":1724,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"68de7161_b401d891","line":1721,"range":{"start_line":1721,"start_character":25,"end_line":1721,"end_character":32},"updated":"2021-07-21 14:38:46.000000000","message":"Xena?","commit_id":"5c2695c45e56c95c78990c520c5bf358c0106d28"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"29504f39fd39fca1fc4db71ff93adab51ddeb040","unresolved":false,"context_lines":[{"line_number":1718,"context_line":"WEBSSO_USE_HTTP_REFERER"},{"line_number":1719,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":1720,"context_line":""},{"line_number":1721,"context_line":".. versionadded:: 19.3.0(Wallaby)"},{"line_number":1722,"context_line":""},{"line_number":1723,"context_line":"Default: ``True``"},{"line_number":1724,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"faaad30b_5891ebe4","line":1721,"range":{"start_line":1721,"start_character":25,"end_line":1721,"end_character":32},"in_reply_to":"68de7161_b401d891","updated":"2021-07-22 13:22:10.000000000","message":"Done","commit_id":"5c2695c45e56c95c78990c520c5bf358c0106d28"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"2a6dbeac5b3eb2ab938bbf90d87b4721b3500494","unresolved":true,"context_lines":[{"line_number":1727,"context_line":"the HTTP_REFERER is used to derive the Keystone endpoint to pass requests to."},{"line_number":1728,"context_line":"As previous requests to an external IdP will be using Keystone\u0027s external"},{"line_number":1729,"context_line":"endpoint, this HTTP_REFERER will be Keystone\u0027s external endpoint."},{"line_number":1730,"context_line":"As Horizon is unable to connect to Keystone\u0027s external endpoint in this setup"},{"line_number":1731,"context_line":"this leads to a time out. ``WEBSSO_USE_HTTP_REFERER`` can be set to False to"},{"line_number":1732,"context_line":"use the ``OPENSTACK_KEYSTONE_URL`` instead, which should be set to an internal"},{"line_number":1733,"context_line":"Keystone endpoint, so that this request will succeed."}],"source_content_type":"text/x-rst","patch_set":2,"id":"77a8fa32_2511b6ff","line":1730,"range":{"start_line":1730,"start_character":0,"end_line":1730,"end_character":13},"updated":"2021-07-21 14:38:46.000000000","message":"When horizon is....","commit_id":"5c2695c45e56c95c78990c520c5bf358c0106d28"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"29504f39fd39fca1fc4db71ff93adab51ddeb040","unresolved":false,"context_lines":[{"line_number":1727,"context_line":"the HTTP_REFERER is used to derive the Keystone endpoint to pass requests to."},{"line_number":1728,"context_line":"As previous requests to an external IdP will be using Keystone\u0027s external"},{"line_number":1729,"context_line":"endpoint, this HTTP_REFERER will be Keystone\u0027s external endpoint."},{"line_number":1730,"context_line":"As Horizon is unable to connect to Keystone\u0027s external endpoint in this setup"},{"line_number":1731,"context_line":"this leads to a time out. ``WEBSSO_USE_HTTP_REFERER`` can be set to False to"},{"line_number":1732,"context_line":"use the ``OPENSTACK_KEYSTONE_URL`` instead, which should be set to an internal"},{"line_number":1733,"context_line":"Keystone endpoint, so that this request will succeed."}],"source_content_type":"text/x-rst","patch_set":2,"id":"2a349868_4902762f","line":1730,"range":{"start_line":1730,"start_character":0,"end_line":1730,"end_character":13},"in_reply_to":"77a8fa32_2511b6ff","updated":"2021-07-22 13:22:10.000000000","message":"Done","commit_id":"5c2695c45e56c95c78990c520c5bf358c0106d28"}],"releasenotes/notes/support-websso_use_http_referer-6fb2dc0d292b54d4.yaml":[{"author":{"_account_id":29313,"name":"Vishal Manchanda","email":"manchandavishal143@gmail.com","username":"vishalmanchanda"},"change_message_id":"a987667f6f26166f987799140574558b39ede1df","unresolved":true,"context_lines":[{"line_number":12,"context_line":"    functionality. When set to False the OPENSTACK_KEYSTONE_URL is used"},{"line_number":13,"context_line":"    instead of the HTTP_REFERER. If OPENSTACK_KEYSTONE_URL is set to the"},{"line_number":14,"context_line":"    internal Keystone endpoint the requests between Horizon and Keystone"},{"line_number":15,"context_line":"    should be able to connect. "}],"source_content_type":"text/x-yaml","patch_set":7,"id":"a1716698_908270f5","line":15,"range":{"start_line":15,"start_character":30,"end_line":15,"end_character":31},"updated":"2021-12-23 05:22:43.000000000","message":"super nit: please remove this empty space.","commit_id":"510a08ccb125f4cad5c5ce9867a1863de4f8bef9"}]}