sagemathinc / cocalc-docker

DEPRECATED (was -- Docker setup for running CoCalc as downloadable software on your own computer)
https://cocalc.com
Other
398 stars 103 forks

Unable to serve public files #153

Closed arm2arm closed 2 years ago

arm2arm commented 2 years ago

I got the following problem with slides: I am unable to publicly share the generated slides: http://*:18080/slides.html. If the user is logged in, everything works as expected.

https://mythost/{PRJID}/server/18080/slides.html#/

Then, visiting the URL using a non-logged-in browser, I get the following error:

426 (UPGRADE REQUIRED): reload CoCalc tab or restart your browser -- version=NaN < minVersion=0

Everything is self-hosted in Docker.

What's going wrong here? Thanks in advance.

williamstein commented 2 years ago

This is intentional and part of the security model. The servers served from a cocalc project can only be accessed by a user signed in who is a collaborator on that project. Most things people would serve from a project introduce major security vulnerabilities (e.g., arbitrary code execution).

You could in theory change your cocalc-docker server to change how cocalc works, since the source code is included. It's also I think possible to run cocalc in an extremely insecure mode where there is only one user, they are admin, and anybody who connects is signed in automatically as that user...

arm2arm commented 2 years ago

Thank you for the explanation; I can see the CORS issue etc. in the web browser console.

We can close this issue; I will suggest that users log in first ...

williamstein commented 2 years ago

> We can close this issue; I will suggest that users log in first ...

Sure.

For the record, I'm definitely open to the possibility of projects hosting publicly facing services. However, the way this might work needs some thought, due to security/robustness concerns... Probably https://github.com/sagemathinc/cocalc would be the place for such a ticket.

williamstein commented 2 years ago

Oh, one other thought -- a normal user could just open a port on cocalc docker to the outside world, and you could directly connect to that. This would work just like if cocalc wasn't involved at all. Of course, you would have to somehow expose that port via docker, etc., so it's very awkward.

arm2arm commented 2 years ago

I want to avoid a headache 😃, I will open temporary accounts and lock them later.

William Stein @.***> wrote on Sun, Feb 6, 2022, 20:45:

> Oh, one other thought -- a normal user could just open a port on cocalc docker to the outside world, and you could directly connect to that. This would work just like if cocalc wasn't involved at all. Of course, you would have to somehow expose that port via docker, etc., so it's very awkward.
