[libvirt] [PATCH] ESX: Don't automatically follow redirects.
Daniel P. Berrange
berrange at redhat.com
Mon Nov 2 16:26:28 UTC 2009
On Mon, Nov 02, 2009 at 05:24:38PM +0100, Matthias Bolte wrote:
> 2009/10/29 Matthias Bolte <matthias.bolte at googlemail.com>:
> > 2009/10/28 Daniel P. Berrange <berrange at redhat.com>:
> >> On Wed, Oct 28, 2009 at 09:12:06PM +0100, Matthias Bolte wrote:
> >>> The default transport for the VI API is HTTPS. If the server redirects
> >>> from HTTPS to HTTP the driver would silently follow that redirection.
> >>> The user assumes to communicate with the server over a secure transport
> >>> but isn't.
> >>
> >> Good catch, this is definitely something we don't want to happen.
> >>
> >>> This patch disables automatical redirection following. The driver reports
> >>> an error if the server tries to redirect.
> >>
> >> Is the user likely to hit any redirects in the real world, or is this
> >> just an edge case. If they're likely to hit redirects, then we might
> >> want to allow a redirect if it points to another paths on the same
> >> server as the original URI, and is using HTTPS.
> >>
> >> Daniel
> >
> > As far as I can tell it's an edge case.
> >
> > The available transports can be configured on the ESX server. Default
> > is HTTPS-only, but you can configure it to use HTTPS+HTTP or
> > HTTP-only. The ESX server redirects you to the other protocol if you
> > try to access it via a disabled one. I'm not aware of any other
> > situation that results in a redirect.
> >
> > Matthias
> >
>
> If not doubts are left then I'm going to push this 5 ESX patches.
ACK, works for me
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
More information about the libvir-list
mailing list