Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Insecure WebSocket endpoint for logs flask/assets.py #768

Open
krzyzawa opened this issue Feb 6, 2025 · 0 comments
Open

Insecure WebSocket endpoint for logs flask/assets.py #768

krzyzawa opened this issue Feb 6, 2025 · 0 comments
Labels
bug Something isn't working

Comments

@krzyzawa
Copy link

krzyzawa commented Feb 6, 2025

Describe the bug
When running Vanna over https with logs enabled debug=True, there is an error as the logs rely on insecure web socket ws:// which is hardcoded vanna/flask/assets.py

To Reproduce

  1. Run Vanna with debug=True over https
  2. Ask question
  3. Check browser terminal for errors:
    index-35bab439.js:1 Mixed Content: The page at 'https://XXXXX/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://XXXXX/api/v0/log'. This request has been blocked; this endpoint must be available over WSS.

Expected behavior
Web socket protocol must be adjusted based on page protocol. Instead of hardcoding it there must be a condition added:
E=new WebSocket((window.location.protocol === 'https:' ? 'wss://' : 'ws://') + window.location.host + "/api/v0/log")

Desktop (please complete the following information where):

  • Vanna: [v0.7.5]
@krzyzawa krzyzawa added the bug Something isn't working label Feb 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@krzyzawa