| 2015-09-17 17:15:59 |
Ivan Mironov |
description |
If cookie with invalid name (with '?' for example) is passed in the query, websocketproxy will fail to handle this query. Easiest way to reproduce:
$ curl 'https://$NOVNCPROXY_HOST:$NOVNCPROXY_PORT/websockify' -H 'Sec-WebSocket-Version: 13' -H 'Sec-WebSocket-Key: dGVzdAo=' -H 'Upgrade: websocket' -H 'Cookie: ?=!' -H 'Connection: Upgrade' -H 'Sec-WebSocket-Protocol: binary, base64' --compressed
curl: (52) Empty reply from server
This request leads to following message in nova-novncproxy.log:
2015-09-17 18:45:45.443 14494 INFO nova.console.websocketproxy [-] handler exception: Illegal key value: ?
In real world this may happen when horizon is running on subdomain (e.g. sub.example.com), while some other "broken" application on parent domain (e.g. example.com) sets cookie with invalid name. |
If cookie with invalid name (with '?' for example) is passed in the query, websocketproxy will fail to handle this query. Because of this, instance console is not working in Horizon ("Failed to connect to server (code: 1006)"). Easiest way to reproduce:
$ curl 'https://$NOVNCPROXY_HOST:$NOVNCPROXY_PORT/websockify' -H 'Sec-WebSocket-Version: 13' -H 'Sec-WebSocket-Key: dGVzdAo=' -H 'Upgrade: websocket' -H 'Cookie: ?=!' -H 'Connection: Upgrade' -H 'Sec-WebSocket-Protocol: binary, base64' --compressed
curl: (52) Empty reply from server
This request leads to following message in nova-novncproxy.log:
2015-09-17 18:45:45.443 14494 INFO nova.console.websocketproxy [-] handler exception: Illegal key value: ?
In real world this may happen when horizon is running on subdomain (e.g. sub.example.com), while some other "broken" application on parent domain (e.g. example.com) sets cookie with invalid name. |
|
