Hi Nick,
Thanks for your response!
I have tried using Nginx as a reverse proxy and passed the Guacamole-Token
as a cookie in the HTTP header. Fetching other resources, such as getting
users and active connections, works as expected. However, when navigating
to the remote client connection, it redirects to the Guacamole login page
because we cannot add the HTTP header in window.open()
await jsr.InvokeVoidAsync("window.open", url, "_blank");
Thanks & Regards
Sushmita
On Mon, Feb 24, 2025 at 7:05 PM Nick Couchman <vn...@apache.org> wrote:
> On Mon, Feb 24, 2025 at 4:34 AM Sushmita Velan <sushmitavel...@gmail.com>
> wrote:
>
>> Hi Team,
>>
>> I am currently working on a .NET Blazor application, and I would like to
>> navigate to the Guacamole remote connection page from my application.
>>
>> I have successfully accomplished this with the following code:
>>
>> url =
>> "http://localhost:8081/#/client/{connectionId}?token=889877......."await
>> jsr.InvokeVoidAsync("window.open", url, "_blank");
>>
>> However, we should avoid this approach due to security concerns, as we
>> are exposing the token in the URL as a query string.
>>
>> It would be helpful if you could suggest any alternative ways we could
>> connect to the Guacamole remote connection securely.
>>
> The token= URL parameter was largely removed from Guacamole in version
> 1.4.0 via the following Jira issue:
> https://issues.apache.org/jira/browse/GUACAMOLE-956. This has also been
> recently discussed on the following thread:
> https://lists.apache.org/thread/vo9q6l7nkghm0wv5xyopgr0clgjx6dkv.
>
> If you're still seeing consistent use of the token= URL parameter, you
> need to update to a later version of Guacamole Client that incorporates the
> use of the Guacamole-Token header, instead.
>
> -Nick
>
>>
