The Dashboard (horizon) is the OpenStack dashboard that provides users a self-service portal to provision their own resources within the limits set by administrators. These include provisioning users, defining instance flavors, uploading virtual machine (VM) images, managing networks, setting up security groups, starting instances, and accessing the instances through a console.
The Dashboard is based on the Django web framework, ensuring secure deployment practices for Django apply directly to horizon. This guide provides a set of Django security recommendations. Further information can be found by reading the Django documentation.
The Dashboard ships with default security settings, and has deployment and configuration documentation.
DISALLOW_IFRAME_EMBEDparameter set to
CSRF_COOKIE_SECUREparameter set to
SESSION_COOKIE_SECUREparameter set to
SESSION_COOKIE_HTTPONLYparameter set to