@Paul: can you please describe explicitly the attack scenario here?
I'm not that experienced with CSRF or CSWF, could you explain how an attacker would redirect a user to an un-encrypted page from the same domain?
IIUC, all three connections required to connect to a console are protected by TLS:
[1] user requests nova-api and it returns the URL of the novnc proxy with a token
[2] user connects to the novnc proxy and it serves JavaScript to connect to the websocket proxy
[3] user's browser connects to the websocket proxy
Am I missing something here?
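The three-hop flow listed above lends itself to a few mechanical checks a deployer can run against what nova-api and the proxy actually hand out. The following Python is an added example, not code from the thread or from nova/noVNC: it checks that the console URL from step [1] and the websocket URL used in step [3] both carry a TLS scheme (https / wss) and point at an allow-listed proxy host, and it shows the server-side Origin check a websocket proxy would apply on the step [3] upgrade, which is the usual defence against the cross-site websocket hijacking the comment refers to. The host name, path and token values are constructed.

```python
"""Defender-side checks for the console flow described in the thread.
Constructed example: host names, paths and tokens below are made up."""
from urllib.parse import urlparse, parse_qs

# Constructed allow-list: hosts this deployment serves its console proxies from.
ALLOWED_PROXY_HOSTS = {"novncproxy.example.test"}


def check_console_url(url, allowed_hosts=ALLOWED_PROXY_HOSTS):
    """Validate the console URL nova-api returns in step [1].

    Returns a list of findings; an empty list means the URL passed.
    """
    findings = []
    parsed = urlparse(url)
    if parsed.scheme != "https":
        findings.append(
            f"scheme is {parsed.scheme!r}, expected https "
            "(the JavaScript in step [2] would be fetched in cleartext)")
    if parsed.hostname not in allowed_hosts:
        findings.append(f"host {parsed.hostname!r} is not an allow-listed proxy host")
    token = parse_qs(parsed.query).get("token", [""])[0]
    if not token:
        findings.append("no console token in the query string")
    return findings


def check_websocket_url(ws_url, console_url):
    """Validate the websocket URL the served JavaScript will open in step [3].

    It must use wss and stay on the same host as the console page.
    """
    findings = []
    ws = urlparse(ws_url)
    console = urlparse(console_url)
    if ws.scheme != "wss":
        findings.append(f"websocket scheme is {ws.scheme!r}, expected wss")
    if ws.hostname != console.hostname:
        findings.append(
            f"websocket host {ws.hostname!r} differs from console host {console.hostname!r}")
    return findings


def origin_allowed(headers, allowed_hosts=ALLOWED_PROXY_HOSTS):
    """Server-side Origin check for the websocket upgrade in step [3].

    Only a page served over https by one of the proxy hosts may open the
    socket; a missing, 'null' or cleartext Origin is rejected.
    """
    origin = headers.get("Origin")
    if origin is None:
        return False
    parsed = urlparse(origin)
    return parsed.scheme == "https" and parsed.hostname in allowed_hosts


if __name__ == "__main__":
    # Constructed sample values standing in for what nova-api and the proxy return.
    console = "https://novncproxy.example.test/vnc_auto.html?token=0123abcd"
    downgraded = "http://novncproxy.example.test/vnc_auto.html?token=0123abcd"
    print("console url:", check_console_url(console) or "ok")
    print("downgraded url:", check_console_url(downgraded))
    print("websocket:", check_websocket_url(
        "wss://novncproxy.example.test/websockify", console) or "ok")
    print("origin check:", origin_allowed({"Origin": "https://novncproxy.example.test"}))
```

Running the block prints one finding for the http console URL and none for the https one; the `origin_allowed` helper is what the proxy side would call before accepting the upgrade, independently of whether the earlier hops were over TLS.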