search

OpenNebula / one

The open source Cloud & Edge Computing Platform bringing real freedom to your Enterprise Cloud 🚀
http://opennebula.io
Apache License 2.0
1.23k stars 478 forks source link

The webauthn_origin is not set correctly in the docker image #5896

Open telmich opened 2 years ago

telmich commented 2 years ago

/!\ To report a security issue please follow this procedure: [https://github.com/OpenNebula/one/wiki/Vulnerability-Management-Process]

Description

It is always set to http://localhost:9869, which does not work.

To Reproduce Run the docker image

Expected behavior

Use

SET :webauthn_origin "http://${OPENNEBULA_HOST}:${SUNSTONE_PORT}"

in frontend-functions.sh

Details

Progress Status

telmich commented 2 years ago

Correction: the logic should be the same as in the following if/else, just also setting webauthn_origind

    # this will decide where sunstone will point client to fireedge
    if is_true "${SUNSTONE_HTTPS_ENABLED}" ; then
        onecfg_helper /etc/one/sunstone-server.conf <<EOF
SET :public_fireedge_endpoint "https://${OPENNEBULA_HOST}:${SUNSTONE_TLS_PORT}"
EOF
    else
        onecfg_helper /etc/one/sunstone-server.conf <<EOF
SET :public_fireedge_endpoint "http://${OPENNEBULA_HOST}:${SUNSTONE_PORT}"
EOF
    fi