xpra icon
Bug tracker and wiki

This bug tracker and wiki are being discontinued
please use https://github.com/Xpra-org/xpra instead.

Opened 2 years ago

Closed 14 months ago

Last modified 10 months ago

#2471 closed task (wontfix)

review websockets layer security

Reported by: Antoine Martin Owned by: Antoine Martin
Priority: minor Milestone: 4.1
Component: network Version: 3.0.x
Keywords: Cc:

Change History (3)

comment:1 Changed 21 months ago by Antoine Martin

Milestone: 4.04.1
Status: newassigned

comment:2 Changed 14 months ago by Antoine Martin

Resolution: wontfix
Status: assignedclosed

The origin header is trivial to modify, so not worth checking.

The rest doesn't apply to us: we handle the websocket layer directly so it can't be misused to access other services, we have our own authentication modules already, and tighter restrictions can be added using firewall / proxies..

comment:3 Changed 10 months ago by migration script

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2471

Note: See TracTickets for help on using tickets.