Remove insecure WebSockets from stock OpenSRF configs
Bug #1667091 reported by
Galen Charlton
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenSRF |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
OpenSRF WebSockets over port 7680 (or proxied via port 80) is an exposure of patron information bug waiting to happen. We should stop shipping configs that expose insecure WebSockets; if a knowledgable user truly wants to offer an insecure WS endpoint, it's easy enough for them to work that out on their own.
Changed in opensrf: | |
importance: | Undecided → Wishlist |
Changed in opensrf: | |
assignee: | nobody → Bill Erickson (berick) |
status: | New → Confirmed |
Changed in opensrf: | |
milestone: | 2.5-beta → 2.5-rc |
Changed in opensrf: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Branch pushed:
http:// git.evergreen- ils.org/ ?p=working/ OpenSRF. git;a=shortlog; h=refs/ heads/user/ berick/ lp1667091- kill-insecure- ws-config
In addition to the 2 Apache sample configs, this includes a change to the nginx config to proxy websockets/443 request to the SSL endpoint internally.