Using "success_url" parameter in an URL was introduced in commit a436b12acc85d474f4e71404de771d7143421eed and the corresponding gerrit review is https://review.opendev.org/c/openstack/horizon/+/270461 .
The affected version is horizon 12.0.0 and later (up to the master).
The URL parameter "success_url" is used to control a page shown after succeeding the snapshot update operation, but passing the full URL is not a good way to achieve the goal. Horizon should not depend on an URL passed from users. It should be decided internally.
Perhaps a fix would be to define a subclass of [1] instead of using "success_url" from request.GET.
I confirmed it.
Using "success_url" parameter in an URL was introduced in commit a436b12acc85d47 4f4e71404de771d 7143421eed and the corresponding gerrit review is https:/ /review. opendev. org/c/openstack /horizon/ +/270461 .
The affected version is horizon 12.0.0 and later (up to the master).
The URL parameter "success_url" is used to control a page shown after succeeding the snapshot update operation, but passing the full URL is not a good way to achieve the goal. Horizon should not depend on an URL passed from users. It should be decided internally.
Perhaps a fix would be to define a subclass of [1] instead of using "success_url" from request.GET.
[1] https:/ /opendev. org/openstack/ horizon/ src/branch/ master/ openstack_ dashboard/ dashboards/ project/ snapshots/ views.py# L83