[PVE-User] noVNC from API - Cookie

lemonnierk at ulrar.net lemonnierk at ulrar.net
Thu Jun 15 19:05:14 CEST 2017


I've posted this on the forum yesterday, but given the lack
of response I thought I'd try it here too.

I'm currently writing an Haskell library for the Proxmox API, and I want to use it for a few web apps soon.
I'm looking at how to implement the noVNC console, but as I understand it you need to query the link with the PVEAuthCookie cookie set, from the end user. Is that right ?

That's a huge problem, I can't have the user open his developer console, grab the cookie and make other requests for two hours :/
Even having a user with only that rights, that still means one user can get access to some other user's VM. And I really don't want to handle one account per user, that'd be a nightmare to handle.
Is there another solution, or do I have to forget about the console ?

Ideally you'd need something like an API endpoint that would generate a one-time auth cookie usable only for the requested noVNC console, I think.
I guess another solution would be to proxy the connection from the client through the server to the proxmox node, adding the cookie on the server, but I'm not sure how I'd do that, that sounds overly complicated.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://lists.proxmox.com/pipermail/pve-user/attachments/20170615/0306de25/attachment.sig>

More information about the pve-user mailing list