[fish_config] Listen on non-localhost interfaces

[pwr22]

I use fish on a lot of headless machines and for this usecase it would be a lot easier if I could configure fish_config to listen on a public interface

[ridiculousfish]

This could be a parameter to fish_config.

[pwr22]

Sounds sensible, I'm willing to look at adding this myself when I have time

[zanchey]

Care will be required. At present fish_config binds to all interfaces but rejects non-localhost connections. The API allows the execution of arbitrary code and should be adequately protected.

[pwr22]

@zanchey I have no intention of changing the default behaviour

[silverhook]

Being able to run fish_config on the server and connect to it with a web browser from the desktop/laptop might be a very user-friendly solution, yes.

I like it, but it has to also be made secure. Editing the shell settings via unencrypted HTTP without any authorisation doesn’t seems like a good idea.

A different solution to this issue is being discussed also in bug #3625.

[zanchey]

Editing the shell settings via unencrypted HTTP without any authorisation doesn’t seems like a good idea.

cf. CVE-2014-2914

[mqudsi]

I think we should just agree to suggest something like ngrok for this use case. It's too much of a can of worms otherwise.

[t3kk]

I was able to do fish_config remotely by:

• viewing the temp file fish creates to see what port the webserver is bound to (I had 8000)
• opening a second ssh session and tunneling the port to localhost. example:
  ssh -L 8000:localhost:8000 user@host
• opening my browser to the link referenced in the temp file.

[alienzj]

I was able to do fish_config remotely by:

* viewing the temp file fish creates to see what port the webserver is bound to (I had 8000)

* opening a second ssh session and tunneling the port to localhost.  example:
  `ssh -L 8000:localhost:8000 user@host`

* opening my browser to the link referenced in the temp file.

code 403, message Forbidden

[alienzj]

I see, we need http://localhost:8000/xxxxxx.
The real url can get from rg href <file address returned by fish_config>.
Now, worked.
Thanks ~

[LiSongMWO]

The trailing slash is apparently also required if you use the SSH tunnel.

But in all honestly, this configuration experience is really bad for headless machines.

[yifeikong]

Is there a command line version of fish_config? Web ui is good, but CLI is also needed.

[krobelus]

On Sun, Dec 05, 2021 at 07:06:50PM -0800, Yifei Kong wrote: Is there a command line version of `fish_config`? Web ui is good, but CLI is also needed.

Yes since 3.3.0. See `fish_config -h`

[yifeikong]

Thanks, glad to see this. I've just updated to 3.3.1. On Mon, Dec 6, 2021 at 1:43 PM Johannes Altmanninger < ***@***.***> wrote:

…

On Sun, Dec 05, 2021 at 07:06:50PM -0800, Yifei Kong wrote: > Is there a command line version of `fish_config`? Web ui is good, but CLI is also needed. Yes since 3.3.0. See `fish_config -h` — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#1916 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAH4ZXY4E7C2KQ7IPWNC55TUPRER3ANCNFSM4A25KYTA> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

-- Yifei Kong May the force be with you.

[silverhook]

Personally, I find the existence of the CLI command since 3.3.0 enough to not need the functionality that is described in this issue.

[faho]

I do not want to touch this with a ten foot pole, especially given that webconfig isn't all that loved (we need to get off angularjs!). For the headless use case we now have the fish_config CLI.

So I'm closing this.