If a cookie with an invalid name (with '?', for example) is passed in the query, websocketproxy will fail to handle this query. The easiest way to reproduce:
$ curl "https://$NOVNCPROXY_HOST:$NOVNCPROXY_PORT/websockify" -H 'Sec-WebSocket-Version: 13' -H 'Sec-WebSocket-Key: dGVzdAo=' -H 'Upgrade: websocket' -H 'Cookie: ?=!' -H 'Connection: Upgrade' -H 'Sec-WebSocket-Protocol: binary, base64' --compressed
curl: (52) Empty reply from server
This request leads to the following message in nova-novncproxy.log:
2015-09-17 18:45:45.443 14494 INFO nova.console.websocketproxy [-] handler exception: Illegal key value: ?
In the real world this may happen when horizon is running on a subdomain (e.g. sub.example.com), while some other "broken" application on the parent domain (e.g. example.com) sets a cookie with an invalid name.
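The failure mode described above, and one tolerant way to parse the header, as an added example (not nova's code and not taken from this report). It uses Python 3's http.cookies; the cookie name "token", the function names and the sample header are assumptions made for illustration.

```python
from http.cookies import CookieError, SimpleCookie

# Constructed sample: a cookie with an illegal name set by another
# application on the parent domain, followed by the cookie the proxy wants.
SAMPLE_HEADER = "?=!; token=constructed-token-123"


def strict_token(cookie_header):
    """Parse the whole header in one call.

    A single illegal cookie name makes load() raise CookieError, so the
    legitimate cookie that follows it is never seen.
    """
    jar = SimpleCookie()
    jar.load(cookie_header)
    return jar["token"].value if "token" in jar else None


def strict_fails(cookie_header):
    """Return True when strict parsing rejects the whole header."""
    try:
        strict_token(cookie_header)
    except CookieError:
        return True
    return False


def tolerant_token(cookie_header):
    """Parse each name=value pair on its own and skip the ones that fail.

    Returns (token, dropped). Only a count of dropped pairs is kept, so
    cookie contents never have to be written to a log.
    Simplification: splitting on ';' assumes no quoted value contains ';'.
    """
    token, dropped = None, 0
    for part in cookie_header.split(";"):
        part = part.strip()
        if not part:
            continue
        jar = SimpleCookie()
        try:
            jar.load(part)
        except CookieError:
            dropped += 1
            continue
        if "token" in jar:
            token = jar["token"].value
    return token, dropped


if __name__ == "__main__":
    print("strict parsing fails:", strict_fails(SAMPLE_HEADER))
    print("tolerant result:", tolerant_token(SAMPLE_HEADER))
```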