GraphQL WebSocket connections not working on Chromium Edge on Windows 10 #3
Comments
|
I have a PR that should fix this #5 Can you try out the kubetail/[email protected] helm chart? This should work: |
|
Does this need some time to work? EDIT: NVM, reading the bloody output helps 🤣 |
|
Hey hey! 🎉
|
|
Nice!!! Thanks for testing it out. The PR changes the way that kubetail protects against cross-site WebSocket connection requests so I want to tread carefully and double check the code before publishing a new release. Will try to get it out asap. If you have some time, it'd be useful to get another set of eyes on this: #5. I'm using a cookie with |
|
Not sure how valuable my input is here, I see what you're trying to achieve here, however I am not well versed enough in Go and front-end development to make a fair judgment. |
…ens (#6) To protect against CSWSH attacks we need a way to identify cross-site requests and prevent them from connecting to the server. The easiest way to do this is by ensuring that the request Host and Origin are the same but unfortunately, kubectl proxy modifies the request Host so we can't use this method. Another easy method is to check the Sec-Fetch-Site header but unfortunately it isn't implemented in some popular browsers (see #3) so we can't use this method either. Instead, this PR uses the old-school method of CSRF token validation to identify cross-site requests and block them. After a WebSocket connection is made, the client is required to authenticate using the CSRF token value. If the token fails validation the connection is closed, otherwise it is allowed to continue. This PR also moves the GraphiQL playground interface to a static page accessible at /graphiql.
|
The fix is live in kubetail:0.1.3 (chart v0.1.9): I changed the strategy from using a |
|
Just updated, everything is working 👍 |
|
Nice! Thanks again for your help debugging the problem. |
No description provided.
The text was updated successfully, but these errors were encountered: