action #119356
openqa.opensuse.org login was again redirecting to wrong page due to our javascript code conducting DoS attacks
Description
Motivation
In https://suse.slack.com/archives/C028VS8TM2B/p1666683731354889 fvogt said "Looks like the login on openqa.opensuse.org is broken again, the usual issue that it tries to log into mirrorcache(-br) instead". andriinikitin fixed this but suggested that related to https://github.com/os-autoinst/openQA/pull/4639 we should try to find out why javascript starts DoS at all and "Did you consider that /minion/history may need the same treatment because it is referenced from JS as well https://github.com/mojolicious/minion/blob/main/lib/Mojolicious/Plugin/Minion/resources/templates/minion/dashboard.html.ep#L35"
Acceptance criteria
- AC1: The code in /minion/history is ensured to not cause DoS attacks
Suggestions
- Try to find out why javascript starts DoS at all
- Consider that /minion/history may need the same treatment because it is referenced from JS as well https://github.com/mojolicious/minion/blob/main/lib/Mojolicious/Plugin/Minion/resources/templates/minion/dashboard.html.ep#L35
Updated by andriinikitin about 2 years ago
My understanding is that nothing more can be done in openQA to prevent this.
It should be fixed in ipsilon (and maybe in Mojolicious/minion, but I couldn't figure out what can be wrong there).
The issue today happened when I restarted the MirrorCache WebUI service while having the /minion tab open in the browser.
But typically other applications can add the same workaround as openQA has, e.g. MirrorCache should have deployed the workaround later today in https://github.com/openSUSE/MirrorCache/commit/9e614f3f90035b0234a554eabb5a4744c395fd37