OpenStack Compute (nova)

  1. Bug #1409142
  2. Comment #57

Comment 57 for bug 1409142

Revision history for this message
Paul McMillan (paul-mcmillan) wrote : Re: Websocket Hijacking Vulnerability in Nova VNC Server (CVE-2015-0259)

This approach looks correct to me. The only other thing I'd do is add an assertion that 'origin_parsed.netloc' is not empty - there are some edge cases that can confuse urlparse, and I'd prefer to categorically avoid them.