Im using apache guacamole with tomcat 8
I have an issue which if im loggedin in a browser (chrome) tab, and i open another tab it is reconnecting me to the same user i have logged in the first tab,
I do not want this behavior as i need it to be able to work with a lot of users on the same browser with different tabs.
I cant always open incognito \ clean cache. ( and also 2 pages of incognito of the same webpage also redirect)
My python code which redirect to apache guacamle RDP connection is a simple redirect to html page:
from flask import Flask, request, render_template, redirect
return render_template('gqm.html')
Somone has some recommandtion of a browser \ configuration i can change in tomcat or my python code?
To maybe send forced clear cookie\cache to this specific site connection?
Solved this by not giving a uniq user to a uniq connection, but giving the same user (guacadmin) and blocked the user from seeing home page, using nginx :
location / {
proxy_pass http://guacamole:8080/guacamole/;
rewrite ^.*api/session/data/postgresql.*/activeConnections.* /no_such_page last;
so when i redirect client to a connection using the url token he cannot do logout\home page as it will give him an error.
Related
Background:
I've built and deployed an app with Google Cloud Firebase. At a high level, I have a Python Flask server running on Cloud Run, and I serve static JS files with Firebase hosting.
Issue:
Sometimes, I want to redirect the user, but I'm sending them to the Cloud Run service URL rather than my app domain.
EDIT: I'm NOT experiencing this in the JS on the browser, but ONLY in the Python on the server.
Python
If a user navigates to a page without being signed in, e.g. following a link, they are redirected to my login page. For example, if someone who is not signed in tries to look at someone else's profile, the following code redirects them to the authentication blueprint's login endpoint:
if not session.get('user'):
return redirect(url_for('authentication.login'))
I would expect them to be redirected to my-app-name.web.app/auth/login but instead they're routed to my-cloudrun-service-name-XXXXX-region.run.app/auth/login. While the pages loaded look the same, they're really not. The second one redirects to the Cloud Run service URL, which doesn't have my static files served by Firebase Hosting.
I'm not really sure, but I believe this happens because Flask is generating the URL using the request context. So the request from the browser hits Cloud Run Load Balancer, which directs the request to my Cloud Run instance, but that means the Flask app in my Cloud Run instance only sees the internal Google Cloud redirect, and it doesn't know my domain.
I've tried solving this by setting app.config['SEVER_NAME'] = my-app-name.web.app, but I just get the "Not Found" page on each request. Is SEVER_NAME the solution but I'm not implementing it correctly, or is there another way to fix the Flask url_for generation?
I've found what I deem to be an effective solution / workaround.
I set the app config to store my BASE_URL when the app is created:
app.config['BASE_URL'] = 'https://my-url.domain'
Then I can access this as application context during requests, even from blueprints:
#blueprint.route('my_route/')
def my_route():
if not session.get('user'):
return redirect(current_app.config['BASE_URL'] + url_for('authentication.login', 302)
This has two key benefits for me:
There's only one place, the app config, to update if I change the domain
url_for is still used, so there's no hardcoding in case blueprints or routes change
I have set up a virtual machine(eg., ckan.test.com) and set up CKAN on that machine. Every thing looks fine until i try to submit any form. If i try to submit any form it will automatically redirect to localhost:5000.
Ex: Login page is http://ckan.test.com/user/login. Once i enter credentials and login its redirecting to http://localhost:5000/user/logged_in. If i replace localhost:5000 with ckan.test.com it takes me to the correct home page.
Can any one tell me whats going on
CKAN form submissions now have absolute redirect links - i.e. including the host name. The only way that CKAN knows what host it is deployed to is what you put in your ckan config. So in your ckan config (ini) file change the option to:
ckan.site_url = http://ckan.test.com
instead of http://127.0.0.1:5000.
I have my web app API running.
If I go to http://127.0.0.1:5000/ via any browser I get the right response.
If I use the Advanced REST Client Chrome app and send a GET request to my app at that address I get the right response.
However this gives me a 503:
import requests
response = requests.get('http://127.0.0.1:5000/')
I read to try this for some reason:
s = requests.Session()
response = s.get('http://127.0.0.1:5000/')
But I still get a 503 response.
Other things I've tried: Not prefixing with http://, not using a port in the URL, running on a different port, trying a different API call like Post, etc.
Thanks.
Is http://127.0.0.1:5000/ your localhost? If so, try 'http://localhost:5000' instead
Just in case someone is struggling with this as well, what finally worked was running the application on my local network ip.
I.e., I just opened up the web app and changed the app.run(debug=True) line to app.run(host="my.ip.address", debug = True).
I'm guessing the requests library perhaps was trying to protect me from a localhost attack? Or our corporate proxy or firewall was preventing communication from unknown apps to the 127 address. I had set NO_PROXY to include the 127.0.0.1 address, so I don't think that was the problem. In the end I'm not really sure why it is working now, but I'm glad that it is.
Facebook login is redirecting back to https URL when it should be going back to http
Correct URL: http://127.0.0.1:8000/social/complete/facebook/?redirect_state=
After Facebook login, the URL being redirected to is https://127.0.0.1:8000/social/complete/facebook/?redirect_state=
developers.facebook.com app 'Valid OAuth redirect URIs' is set to http://127.0.0.1:8000
I've also set SOCIAL_AUTH_REDIRECT_IS_HTTPS = False in settings.py but this hasn't solved the issue.
I've also struggled to get facebook to work in dev.
I'm not sure if this helps your case but the only way I got facebook auth to work (in dev) with python-social-auth (0.2.1) was by adding a host in my hosts file (I'm on mac OS X so n my case /private/etc/hosts), like this:
127.0.0.1 www.dummyurl.com
And in the config (facebook developers app page Settings):
Basic:
Site URL
http://www.dummyurl.com:8000/
Advanced:
Deauthorize Callback URL
http://www.dummyurl.com:8000/
Valid OAuth redirect URIs
http://www.dummyurl.com:8000/
After the log in I get redirected to
http://www.dummyurl.com:8000/#_=_
However, I can only test this login with the user that registered the application.
Again I don't know if this helps your case I hope it does in a way that you can check a working app configuration.
Hope it helps :)
To give some more context:
We have an fb app which gets served under:
domain.com/fb/
and we have the normal site which gets served under
domain.com
Our fb app serves domain.com/fb/ in an iframe and is accesiable via:
apps.facebook.com/ourappname/
I'm currently having an issue with only IE, which caused request.user to be an anonymous user, even when the user is logged in (Only in IE) everything works fine in all other browsers. The reason for the request.user to be an anonymous is that the session cookie is not being set. I verified this by inspecting the cookies in IE and also django-debug-toolbar showed me that.
So how can I fix this issue?
The P3P headers are set:
response['P3P'] = 'CP="IDC CURa ADMa OUR IND PHY ONL COM STA"'
return response
They are also added by apache itself so kind of double just wanted to make sure it worked.
It's known security behavior of IE with iframe web sites. This could help:
Cookie blocked/not saved in IFRAME in Internet Explorer