[Kimchi-devel] [PATCH 7/8] websockets: Disallow non-encrypted client connections
Aline Manera
alinefm at linux.vnet.ibm.com
Mon May 5 18:08:19 UTC 2014
From: Aline Manera <alinefm at br.ibm.com>
As all HTTP requests are redirected to HTTPS, we should only use
encryted connections to websockets.
Fix it.
Signed-off-by: Aline Manera <alinefm at br.ibm.com>
---
src/kimchi/vnc.py | 3 ++-
ui/pages/spice.html.tmpl | 4 ++--
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/kimchi/vnc.py b/src/kimchi/vnc.py
index 3339014..002b950 100644
--- a/src/kimchi/vnc.py
+++ b/src/kimchi/vnc.py
@@ -45,7 +45,8 @@ def new_ws_proxy():
cmd = os.path.join(os.path.dirname(__file__), 'websockify.py')
args = ['python', cmd, config.get('display', 'display_proxy_port'),
'--target-config', WS_TOKENS_DIR, '--cert', cert, '--key', key,
- '--web', os.path.join(paths.ui_dir, 'pages/websockify')]
+ '--web', os.path.join(paths.ui_dir, 'pages/websockify'),
+ '--ssl-only']
p = subprocess.Popen(args, close_fds=True)
return p
diff --git a/ui/pages/spice.html.tmpl b/ui/pages/spice.html.tmpl
index 3e43306..d2eb8ca 100644
--- a/ui/pages/spice.html.tmpl
+++ b/ui/pages/spice.html.tmpl
@@ -59,7 +59,7 @@
}
function connect() {
- var host, port, token, password, scheme = "ws://", uri;
+ var host, port, token, password, scheme = "wss://", uri;
host = getParameter("listen");
port = getParameter("port");
token = getParameter("token");
@@ -136,4 +136,4 @@
<!-- If DUMPXXX is turned on, dumped images will go here -->
</div>
</body>
-</html>
\ No newline at end of file
+</html>
--
1.7.10.4
More information about the Kimchi-devel
mailing list