Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / 5267263f4e4f8505c4c972fff2fd6f31831f15b2
commit5267263f4e4f8505c4c972fff2fd6f31831f15b2[log] [tgz]
authorLeo Henken <lh236s@att.com>Fri Aug 02 11:42:52 2019 -0500
committerOleh Hryhorov <ohryhorov@mirantis.com>Sun Jan 08 12:06:02 2023 +0000
treecd40861d08a392086c5cab7faf8ecfab5f345190
parentf4bf8e06f4b4218244bc8016a77a7a38327a6ad1 [diff]
Fix test_novnc to adequately validate websocket upgrade

Currently, test_novnc validates the websocket upgrade by verifying
that the websocket response reports a protocol switch and that the
response includes a server name specified in the configuration
field vnc_server_header. This explicit server name configuration
field introduces a security concern and convolutes the code base.

HTTP RFC7231 (https://tools.ietf.org/html/rfc7231) section 6.2.2
says that when switching protocols, the response "MUST generate
an Upgrade header field that indicates which protocols will be
switched to".

This patchset uses this required Upgrade field to validate the
websocket upgrade instead of an environment-based configuration
field, making the code base cleaner, safer, and more reliable.

vnc_server_header is deprecated and necessary release notes are
created.

Change-Id: I5d3c9bdd0d20a15ade672f276dd0f24b654e3de5
Closes-bug: #1838777
Closes-bug: #1840788
3 files changed
tree: cd40861d08a392086c5cab7faf8ecfab5f345190
  1. doc/
  2. etc/
  3. playbooks/
  4. releasenotes/
  5. roles/
  6. tempest/
  7. tools/
  8. .coveragerc
  9. .gitignore
  10. .gitreview
  11. .mailmap
  12. .stestr.conf
  13. .zuul.yaml
  14. bindep.txt
  15. HACKING.rst
  16. LICENSE
  17. README.rst
  18. requirements.txt
  19. REVIEWING.rst
  20. setup.cfg
  21. setup.py
  22. test-requirements.txt
  23. tox.ini