Looking at the VNC configuration options, there is already an "ssl_only" configuration option to disallow non-encrypted connections. I can piggy-back on that command, and also disallow origin headers that are not HTTPS. That's an easy enough fix that I'm tempted to use it for Kilo too. No RPC API changes for any release. Thoughts?
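The check proposed in the comment above, sketched as an added example; it is not Nova's code and not from the comment's author. The function name, the sample Origin values, and the choice to let handshakes without an Origin header through are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def origin_scheme_allowed(origin, ssl_only):
    """Decide whether a WebSocket handshake may proceed based on its Origin.

    origin   -- raw Origin header value, or None when the header is absent
    ssl_only -- value of the proxy's "ssl_only" option
    (hypothetical helper, not part of any project's API)
    """
    if not ssl_only:
        # The scheme restriction only applies when ssl_only is enabled.
        return True
    if origin is None:
        # Assumption: clients that send no Origin header (non-browser
        # clients) are left to the proxy's other checks.
        return True

    # An Origin header may carry several space-separated origins;
    # every one of them must be HTTPS.
    candidates = origin.split()
    if not candidates:
        return False  # header present but empty

    for candidate in candidates:
        try:
            parts = urlsplit(candidate)
        except ValueError:
            return False  # malformed value, e.g. an unbalanced IPv6 bracket
        # urlsplit lowercases the scheme, so "HTTPS://" is accepted.
        # The opaque origin "null" has no scheme and is rejected here.
        if parts.scheme != "https" or not parts.hostname:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample Origin values, not taken from real traffic.
    samples = ["https://console.example.test", "http://console.example.test",
               "null", None]
    for value in samples:
        print(repr(value), origin_scheme_allowed(value, ssl_only=True))
```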