xpra icon
Bug tracker and wiki

Opened 12 months ago

Closed 11 days ago

#2471 closed task (wontfix)

review websockets layer security

Reported by: Antoine Martin Owned by: Antoine Martin
Priority: minor Milestone: 4.1
Component: network Version: 3.0.x
Keywords: Cc:

Change History (2)

comment:1 Changed 8 months ago by Antoine Martin

Milestone: 4.04.1
Status: newassigned

comment:2 Changed 11 days ago by Antoine Martin

Resolution: wontfix
Status: assignedclosed

The origin header is trivial to modify, so not worth checking.

The rest doesn't apply to us: we handle the websocket layer directly so it can't be misused to access other services, we have our own authentication modules already, and tighter restrictions can be added using firewall / proxies..

Note: See TracTickets for help on using tickets.