aerokube / selenoid

Selenium Hub successor running browsers within containers. Scalable, immutable, self hosted Selenium-Grid on any platform with single binary.
https://aerokube.com/selenoid/latest/
Apache License 2.0

Ability to specify allowed websocket origins #551

Closed prasadasokan closed 4 years ago

prasadasokan commented 5 years ago

We are using noVNC to communicate with the Websocket on Selenoid and have the following two queries.

1) The ws endpoint needs authentication and as of now selenoid is the password. Can this be changed and can this also be hashed when rendered? Meaning, can this be masked/encrypted when loaded on the browser so that on the client side, this password isn't visible?

2) Is there a way to restrict the ws endpoint based on the Origin header?

vania-pooh commented 5 years ago

@prasadasokan don't get the question about Origin header but take a look at Selenoid UI code - there noVNC is configured to use selenoid as password. https://github.com/aerokube/selenoid-ui/blob/master/web/src/components/VncCard/VncScreen.js#L72

prasadasokan commented 5 years ago

@vania-pooh We are able to use selenoid as password and connect to the socket. But is there a way to change it and also hash it so that it isn't visible to end users from the browser?

Also, regarding Origin headers, say if I host this as selenoid.example.com, the ws should be restricted to honour requests from selenoid.example.com alone and not from other hosts. Is that possible?

vania-pooh commented 5 years ago

@prasadasokan password is hard-coded to images, so there is no way. Also we have no specific configuration of Origin handler handling in Selenoid. I think this could be implemented as a new feature.
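An added example, not part of the thread and not Selenoid's code: one way to enforce the Origin restriction asked about above, as a Go `net/http` middleware placed in front of a WebSocket handler (for instance in a small reverse proxy). The function names, the `/ws` path and the `allowMissing` switch are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// restrictOrigin answers 403, before any WebSocket upgrade, unless the Origin is listed.
func restrictOrigin(origins []string, allowMissing bool, next http.Handler) http.Handler {
	allowed := map[string]bool{}
	for _, o := range origins {
		allowed[strings.ToLower(strings.TrimRight(o, "/"))] = true
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !originAllowed(allowed, allowMissing, r.Header.Get("Origin")) {
			http.Error(w, "origin not allowed", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// originAllowed compares scheme://host[:port] exactly; no prefix or suffix matching.
func originAllowed(allowed map[string]bool, allowMissing bool, origin string) bool {
	if origin == "" { // browsers always send Origin on WebSocket handshakes
		return allowMissing
	}
	u, err := url.Parse(origin)
	if err != nil || u.Host == "" || (u.Scheme != "http" && u.Scheme != "https") {
		return false
	}
	return allowed[u.Scheme+"://"+strings.ToLower(u.Host)]
}

// statusFor sends a constructed request through h and returns the status code.
func statusFor(h http.Handler, origin string) int {
	req := httptest.NewRequest(http.MethodGet, "/ws", nil) // "/ws" is a placeholder path
	req.Header.Set("Origin", origin)                       // "" behaves like an absent header
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	h := restrictOrigin([]string{"https://selenoid.example.com"}, false, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	fmt.Println(statusFor(h, "https://selenoid.example.com"), statusFor(h, "https://evil.test"))
}
```

The Origin header is only trustworthy for browser clients, so this check limits which web pages can open the socket; it does not replace authentication on the endpoint.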

prasadasokan commented 5 years ago

Thanks @vania-pooh. Should I create a separate feature request?

Also, Selenoid serves ws, and when this is accessed from a site over HTTPS, we get an insecure content error and had to allow insecure WebSocket from HTTPS. Is there a way to overcome this without changing the browser configuration?

vania-pooh commented 5 years ago

@prasadasokan I think you have to set up reverse proxy with SSL certs to proxy to Selenoid.

prasadasokan commented 5 years ago

@vania-pooh Thanks, will try a reverse proxy. With multiple Selenoids running, do you think proxying VNC sessions via GGR will be better than individual hosts? We are trying to hit ws using GGR and we are seeing 1006 connection closed, although the documentation says VNC sessions over ws can be proxied via GGR. Any clue why this isn't working?

vania-pooh commented 5 years ago

@prasadasokan yes, Ggr is an efficient proxy and proxying websockets seems to work.

vania-pooh commented 4 years ago

Selenoid UI seems to work in HTTPS installation. Closing this because of inactivity. Feel free to reopen if still having questions.