OpenStack Compute (nova)

  1. Bug #1409142
  2. Comment #94

Comment 94 for bug 1409142

Revision history for this message
Andrew Laski (alaski) wrote : Re: Websocket Hijacking Vulnerability in Nova VNC Server (CVE-2015-0259)

Unfortunately the defaults are all http://127.0.0.1. But I don't think it's reasonable to break the websocket proxy for someone because they chose to use http for one type and https for another. We could look at deprecating that usage, but it shouldn't just be broken outright.