Re: [libvirt] [PATCH] ESX: Don't automatically follow redirects.
2009/10/28 Daniel P. Berrange <berrange(a)redhat.com>:
On Wed, Oct 28, 2009 at 09:12:06PM +0100, Matthias Bolte wrote:
> The default transport for the VI API is HTTPS. If the server redirects
> from HTTPS to HTTP the driver would silently follow that redirection.
> The user assumes to communicate with the server over a secure transport
> but isn't.
Good catch, this is definitely something we don't want to happen.
> This patch disables automatical redirection following. The driver reports
> an error if the server tries to redirect.
Is the user likely to hit any redirects in the real world, or is this
just an edge case. If they're likely to hit redirects, then we might
want to allow a redirect if it points to another paths on the same
server as the original URI, and is using HTTPS.
Daniel
As far as I can tell it's an edge case.
The available transports can be configured on the ESX server. Default
is HTTPS-only, but you can configure it to use HTTPS+HTTP or
HTTP-only. The ESX server redirects you to the other protocol if you
try to access it via a disabled one. I'm not aware of any other
situation that results in a redirect.
Matthias