yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1822676] Re: novnc no longer sets token inside cookie

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1822676@xxxxxxxxxxxxxxxxxx>
Date: Mon, 17 Jun 2019 12:15:21 -0000
Reply-to: Bug 1822676 <1822676@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.opendev.org/649372
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=9606c80402f6db20d62b689c58aa8f024183628a
Submitter: Zuul
Branch:    master

commit 9606c80402f6db20d62b689c58aa8f024183628a
Author: Mohammed Naser <mnaser@xxxxxxxxxxxx>
Date:   Tue Apr 2 11:34:58 2019 -0400

    Add 'path' query parameter to console access url
    
    Starting in noVNC v1.1.0, the token query parameter is no longer
    forwarded via cookie [1]. We must instead use the 'path' query
    parameter to pass the token through to the websocketproxy [2].
    This means that if someone deploys noVNC v1.1.0, VNC consoles will
    break in nova because the code is relying on the cookie functionality
    that v1.1.0 removed.
    
    This modifies the ConsoleAuthToken.access_url property to include the
    'path' query parameter as part of the returned access_url that the
    client will use to call the console proxy service.
    
    This change is backward compatible with noVNC < v1.1.0. The 'path' query
    parameter is a long supported feature in noVNC.
    
    Co-Authored-By: melanie witt <melwittt@xxxxxxxxx>
    
    Closes-Bug: #1822676
    
    [1] https://github.com/novnc/noVNC/commit/51f9f0098d306bbc67cc8e02ae547921b6f6585c
    [2] https://github.com/novnc/noVNC/pull/1220
    
    Change-Id: I2ddf0f4d768b698e980594dd67206464a9cea37b


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1822676

Title:
  novnc no longer sets token inside cookie

Status in OpenStack Compute (nova):
  Fix Released
Status in openstack-ansible:
  New

Bug description:
  For a long time, noVNC set the token inside a cookie so that when the
  /websockify request came in, we had it in the cookies and we could
  look it up from there and return the correct host.

  However, since the following commit, they've removed this behavior

  https://github.com/novnc/noVNC/commit/51f9f0098d306bbc67cc8e02ae547921b6f6585c
  #diff-1d6838e3812778e95699b90d530543a1L173

  This means that we're unable to use latest noVNC with Nova.  There is
  a really gross workaround of using the 'path' override in the URL for
  something like this

  http://foo/vnc_lite.html?path=?token=foo

  That feels pretty lame to me and it will have all deployment tools
  change their settings.  Also, this wasn't caught in CI because we
  deploy novnc from packages.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1822676/+subscriptions

References

[Bug 1822676] [NEW] novnc no longer sets token inside cookie
From: Mohammed Naser, 2019-04-01