On 04/30/2014 03:20 PM, Aline Manera wrote:
Applied. Thanks.
Regards,
Aline Manera
_______________________________________________
Kimchi-devel mailing list
Kimchi-devel(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/kimchi-devel
After applying this patch and make more tests I noticed we need to
improve it.
In this way we are exposing all the noVNC files and let websockify web
server render the noVNC page.
The websockify web server is limited - as far as I know it only exposes
and renders content in a directory.
So if someone has the URL
https://host-ip:64667/vnc.html?port=64667&path=?token=my-vm&encry...
he/she can access
the VM console without Kimchi authentication.
My idea is very similar to what is being doing today BUT instead of
exposing all the noVNC files, we expose just one vnc.html
That html will redirect the user to Kimchi vnc.html (so Kimchi will be
responsible to render noVNC page) and we can add
authentication to it
The big picture will be:
JS connectToVNC() will redirect to
https://host-ip:64667/vnc.html?port=64667&path=?token=my-vm&encry...
https://host-ip:64667/vnc.html will redirect to
https://host-ip:8001/vnc.html after loading the page.
So if the user haven't accepted the CA yet he/she will be able to do it
beforing being redirected to Kimchi page.
I am working in a patch to do what I described above and also add Kimchi
authentication to vnc.html and spice.html