OpenStack Compute (nova)

  1. Bug #1927677
  2. Comment #1

Comment 1 for bug 1927677

Revision history for this message
Swe W Aung (sirswa) wrote : Re: novnc allowing open direction which could potentially be used for phishing

You can also test from the host that running novnc service,

nova:~# curl -v 'http://127.0.0.1:6080//google.com/%2F..'
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 6080 (#0)
> GET //google.com/%2F.. HTTP/1.1
> Host: 127.0.0.1:6080
> User-Agent: curl/7.58.0
> Accept: */*
>
 < HTTP/1.1 301 Moved Permanently
< Server: WebSockify Python/3.6.9
< Date: Fri, 07 May 2021 04:49:39 GMT
< Location: //google.com/%2F../
* no chunk, no close, no size. Assume close to signal end
<