mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-28 08:03:36 +00:00
c163601b6c
When Cockpit is not configured any origins, it uses the host and protocol of the incoming request to set the allowed origin for WebSocket connections. By ensuring that the original host/protocol is passed on to Cockpit from the browser, we can eliminate the need for configuring a pre-determined list of origins. Passing the host and protocol from the browser is done by setting ProxyPreserveHost and using https:// for proxying. For a cross-site request, Origin: and Host: entries won't match and '403 Forbidden' is thrown. So, this approach is still safe. Tests: - Without the patch, access Cockpit using IP address and it fails. Apply the patch. Cockpit setup should run. Origins= directive in the configuration file /etc/cockpit/cockpit.conf should get removed. Accessing with IP address and logging in succeeds. - Freshly setup a container with the patch and access Cockpit using IP address. This works and login succeeds. - Test on stable and testing containers. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
14 lines
257 B
Python
14 lines
257 B
Python
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
"""
|
|
URLs for Cockpit module.
|
|
"""
|
|
|
|
from django.urls import re_path
|
|
|
|
from plinth.views import AppView
|
|
|
|
urlpatterns = [
|
|
re_path(r'^sys/cockpit/$', AppView.as_view(app_id='cockpit'),
|
|
name='index'),
|
|
]
|