Skip to content

Revert "vicadmin redirect/force TLS (#7960)"#8165

Merged
zjs merged 1 commit intovmware:masterfrom
zjs:revert/eebb2cc
Aug 7, 2018
Merged

Revert "vicadmin redirect/force TLS (#7960)"#8165
zjs merged 1 commit intovmware:masterfrom
zjs:revert/eebb2cc

Conversation

@zjs
Copy link
Member

@zjs zjs commented Jul 30, 2018

Due to the potential for attacks like sslstrip, redirection from HTTP to HTTPS may be as insecure as allowing HTTP traffic in the absence of HSTS. Remove support for redirection until HSTS is supported by VIC.

Ref: https://tools.ietf.org/html/rfc6797#section-2.3.1

This reverts commit eebb2cc.

[specific ci=Group9-VIC-Admin]

For more information, see vmware/vic-tasks#58.

@zjs
Revert "vicadmin redirect/force TLS (vmware#7960)"
81e40f2 
Due to the potential for attacks like sslstrip, redirection from HTTP
to HTTPS may be as insecure as allowing HTTP traffic in the absence of
HSTS. Remove support for redirection until HSTS is supported by VIC.

Ref: https://tools.ietf.org/html/rfc6797#section-2.3.1

This reverts commit eebb2cc.
@zjs zjs self-assigned this Jul 30, 2018
@zjs zjs requested review from hickeng and lcastellano July 30, 2018 22:34
@zjs zjs requested a review from a team as a code owner July 30, 2018 22:34
hickeng
hickeng approved these changes Aug 6, 2018
View reviewed changes
Copy link
Contributor

@hickeng hickeng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@stuclem I'm unsure if this requires a documentation change - I cannot tell whether #7960 would have had doc associated with it.

@stuclem
Copy link

stuclem commented Aug 7, 2018

@hickeng if this only relates to accessing the VCH Admin portal, then I think that we're OK. We don't mention HTTP-to-HTTPS redirects in the doc:

From https://vmware.github.io/vic-product/assets/files/html/1.4/vic_vsphere_admin/access_vicadmin.html:

You access the VCH Admin portal in the following places:

  • In the HTML5 vSphere Client, go to Home > vSphere Integrated Containers > vSphere Integrated Containers > Virtual Container Hosts and click the link to the VCH Admin portal.
  • In the HTML5 vSphere Client or Flex-based vSphere Web Client, got to Hosts and Clusters, select a VCH endpoint VM, and click the link to the VCH Admin portal in the Summary tab.
  • Copy the address of the VCH Admin portal from the output of vic-machine create or vic-machine inspect.

@zjs zjs merged commit 6680484 into vmware:master Aug 7, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@hickeng hickeng hickeng approved these changes

@lcastellano lcastellano lcastellano approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@zjs zjs

Labels

cla-not-required

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@zjs @stuclem @hickeng @lcastellano @vmwclabot