From: "Lukas Wagner" <l.wagner@proxmox.com>
To: "Christoph Heiss" <c.heiss@proxmox.com>,
	"Dominik Csapak" <d.csapak@proxmox.com>,
	"Lukas Wagner" <l.wagner@proxmox.com>
Cc: pdm-devel@lists.proxmox.com
Subject: Re: [PATCH proxmox/yew-pwt/datacenter-manager/installer v3 00/38] add auto-installer integration
Date: Tue, 21 Apr 2026 09:07:47 +0200	[thread overview]
Message-ID: <DHYN6DR3ZR67.21XJNEY5LNQ9Y@proxmox.com> (raw)
In-Reply-To: <DHXZBZEX1HCQ.3O2RPUZ9H5WY7@proxmox.com>

On Mon Apr 20, 2026 at 2:26 PM CEST, Christoph Heiss wrote:
>>>
>>>  From my point of view, both points can be solved by using distinct
>>> tokens. The first point is solved by making the new type of token
>>> unusable in any other context by design. For the second issue, I think
>>> due to the fact that the token is *only* usable in this context, we
>>> could afford to return it from the API or as a downloadable ISO,
>>> assuming the user has high-enough permissions.
>>>
>>> What do you think?
>>>
>>> Regarding the 'custom token' itself, one thing that we could do is to
>>> make the token a regular parameter on the POST call, instead of using
>>> the 'Authorization' header. This would avoid API users being
>>> confused about why there is one API route that uses a *different* token
>>> for no clearly visible reason.
>
> This actually was a point I discussed with Aaron early on while fleshing
> out a rough implementation plan for this.
> The argument for using the 'Authorization' header was that this header
> is treated with the required sensitivity (or hopefully, at least) in
> middlewares such as reverse proxies, i.e. most importantly not logging
> it somewhere with the whole URL.

Good point, that's something I haven't really considered.

>
> If we put the token into the URL as a (query?) parameter, there's a good
> chance it will get logged somewhere. So I'm quite opposed to putting it
> into the URL.

A *query* parameter for a POST request is rather odd, no? Usually any
data needed for the request would be put into the request body,
either form-encoded or as a JSON body.

As far as I'm aware it's not really that common for any kind of logging
to log the full request body, but of course that still does not rule it
out completely - so your point with regards to using 'Authorization'
still stands.

With the separate token/secret system it is probably a manageable risk
though, so it still *could* be okay to pass the secret in the body.
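Added example, not part of this thread or of the Proxmox code: it models what a default-configured reverse proxy access log keeps from each of the three token placements discussed above (Authorization header, URL query parameter, POST body), and adds a redaction filter for log lines. The log shape follows nginx's default "combined" format; the API route and token value are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

SENSITIVE_PARAMS = {"token", "secret", "access_token"}
TOKEN = "cafebabe-constructed-secret"  # constructed sample value, not a real token


def access_log_line(method, url, headers, body, remote="192.0.2.10", status=200):
    """Render a request the way nginx's default "combined" access log would.

    The "$request" field is the raw request line, so the query string is
    logged verbatim; headers (Authorization included) and the body are
    deliberately unused because a default access log never records them.
    """
    parts = urlsplit(url)
    target = parts.path + (f"?{parts.query}" if parts.query else "")
    return (f'{remote} - - [21/Apr/2026:09:07:47 +0200] '
            f'"{method} {target} HTTP/1.1" {status} {len(body)} "-" "fetch-answer/1.0"')


def leaked_params(line):
    """Names of sensitive query parameters visible in a logged request line."""
    try:
        target = line.split('"')[1].split(" ")[1]
    except IndexError:
        return set()
    query = urlsplit(target).query
    return {k for k, _ in parse_qsl(query, keep_blank_values=True) if k in SENSITIVE_PARAMS}


def redact(line):
    """Mask the values of sensitive query parameters in an access-log line."""
    head, request_line, tail = line.split('"', 2)
    method, target, proto = request_line.split(" ")
    parts = urlsplit(target)
    params = [(k, "REDACTED" if k in SENSITIVE_PARAMS else v)
              for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    target = urlunsplit(parts._replace(query=urlencode(params)))
    return f'{head}"{method} {target} {proto}"{tail}'


def compare_placements():
    """Map each placement from the thread to the sensitive params it leaks into the log."""
    url = "https://pdm.example.test/api2/json/auto-installer/answer"  # hypothetical route
    cases = {
        "header": (url, {"Authorization": f"Bearer {TOKEN}"}, b'{"id":"node1"}'),
        "query": (f"{url}?token={TOKEN}", {}, b'{"id":"node1"}'),
        "body": (url, {}, f'{{"id":"node1","token":"{TOKEN}"}}'.encode()),
    }
    return {name: leaked_params(access_log_line("POST", u, h, b))
            for name, (u, h, b) in cases.items()}
```

Only the query-parameter placement shows up in the log line; the redaction filter is the kind of mitigation that has to exist on every proxy in the path, which is why the header placement is the safer default.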
