proxmox-mirrors/qemu-server
1
0
Fork 0
mirror of https://git.proxmox.com/git/qemu-server synced 2025-08-08 07:16:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

spiceproxy: use POST instead of GET

Browse Source 
using GET is a security risk (no CSRF checks)
This commit is contained in:
Dietmar Maurer 2013-12-09 08:17:52 +01:00
parent 787dec6ef2
commit 78252ce7d0
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
PVE/API2/Qemu.pm
View File

@ -1348,9 +1348,9 @@ __PACKAGE__->register_method({
__PACKAGE__->register_method({ __PACKAGE__->register_method({
name => 'spiceproxy', name => 'spiceproxy',
path => '{vmid}/spiceproxy', path => '{vmid}/spiceproxy',
method => 'GET', method => 'POST',
protected => 1, protected => 1,
proxyto => 'node', # fixme: use direct connections or ssh tunnel? proxyto => 'node',
permissions => { permissions => {
check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
}, },