Hi,
I've applied the same fix to wok branch / new-ui template files. I will include it in the
next series of patches.
Thanks,
Samuel
-----Original Message-----
From: kimchi-devel-bounces(a)ovirt.org [mailto:kimchi-devel-bounces@ovirt.org] On Behalf Of
Rodrigo Trujillo
Sent: Tuesday, September 1, 2015 15:13
To: kimchi-devel(a)ovirt.org
Subject: [Kimchi-devel] [PATCH] Avoid show user/password in url browser
There is a remote, but real, possibility that kimchi.min.js breaks and is not loaded for
some reason in the Kimchi login page. If this happens, the form submit action is not going to
be bound to a JavaScript function that calls an AJAX POST request. Then the browser is
going to submit the form in the default way: using a GET request. GET requests add form
data in the URL, so the user will be able to see the user and password in the URL field and in
the log:
"GET /login.html?username=321&password=234 HTTP/1.0" 200 2936
"https://localhost:8001/login.html" "Mozilla/5.0 (X11; Fedora; Linux
x86_64; rv:39.0) Gecko/20100101 Firefox/39.0"
This patch fixes this problem by adding 'method="post"' in the login HTML
form.
Signed-off-by: Rodrigo Trujillo <rodrigo.trujillo(a)linux.vnet.ibm.com>
---
ui/pages/login.html.tmpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ui/pages/login.html.tmpl b/ui/pages/login.html.tmpl index e2f6855..55848b4
100644
--- a/ui/pages/login.html.tmpl
+++ b/ui/pages/login.html.tmpl
@@ -79,7 +79,7 @@
<div id="messUserPass" class="err-mess"
style="display: none;">$_("The username or password you entered is
incorrect. Please try again.")</div>
<div id="messSession" class="err-mess"
style="display: none;">$_("Session timeout, please
re-login.")</div>
</div>
- <form id="form-login" class="login-panel">
+ <form id="form-login" class="login-panel"
method="post">
<div class="row">
<input type="text" id="username"
name="username" required="required" placeholder="$_("User
Name")" autofocus/>
<div id="username-msg"
class="msg-required"></div>
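Review bot: the changed `<form id="form-login" ...>` tag gains method="post" but still has no action attribute, so when kimchi.min.js fails to load the browser will POST the username and password back to the current page URL (/login.html in the log quoted in the commit message) instead of to a login handler. That keeps the credentials out of the URL bar and the access log, which is the stated goal, but the fallback submit will not authenticate anyone. Either set action to the endpoint the AJAX call posts to, if it accepts form-encoded input, or add a short template comment saying that method="post" is only a no-JavaScript safeguard against credentials appearing in the URL, so a later cleanup does not drop it as redundant.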
--
2.1.0
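An added example (not part of the original patch or the Kimchi code base): a log check for the leak described in the commit message, which flags access-log entries whose request line carries credential parameters in the query string and masks their values. The parameter-name list and every sample line except the first are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Parameter names treated as credentials (assumption; extend for your application).
SENSITIVE = {"password", "passwd", "pwd", "username", "user", "token"}

# Request line of an access-log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/\d(?:\.\d)?)"')


def leaked_params(line):
    """Return the sorted sensitive parameter names found in the request URL."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    names = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & SENSITIVE)


def redact(line):
    """Return the log line with sensitive query-string values masked."""
    m = REQUEST_RE.search(line)
    if not m:
        return line
    parts = urlsplit(m.group("target"))
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    target = parts._replace(query=urlencode(pairs)).geturl()
    return line[:m.start("target")] + target + line[m.end("target"):]


SAMPLE = [
    # Request line quoted in the commit message above.
    '"GET /login.html?username=321&password=234 HTTP/1.0" 200 2936',
    # Constructed: the same form submitted with method="post" (body is not logged).
    '"POST /login.html HTTP/1.0" 200 2936',
    # Constructed: unrelated request with a harmless query string.
    '"GET /images/logo.png?v=2 HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        hits = leaked_params(entry)
        print("LEAK " + ",".join(hits) if hits else "ok", "|", redact(entry))
```

Running the redaction over archived logs matters because entries written before the fix still hold the submitted values.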