Website visitors can go to /webcam/control.htm and modify webcam settings with no authentication #358

Closed
OmgItsBkid opened this issue May 21, 2017 · 2 comments

Comments

@OmgItsBkid

Copying this over from the OctoPrint report I put in on their tracker:

What were you doing?

Browse directly to http://yoursite/webcam/control.htm and you will be presented with webcam controls that work in real time and affect all users viewing the webcam. This can be done without the person logging into OctoPrint.

What did you expect to happen and what happened instead?

I did not expect this page to be available (as it does not appear to be linked from what I can tell), or at least available behind the OP login.

Branch & Commit or Version of OctoPrint

OctoPrint 1.3.2 (master branch)

Operating System running OctoPrint

OctoPi 0.13

Printer model & used firmware incl. version

N/A

Browser and Version of Browser, Operating System running Browser

N/A really, but Version 58.0.3029.96 (64-bit) on Windows, and Chrome 58.0.3029.83 on Android

Link to octoprint.log

https://pastebin.com/qU0kTKSj

Link to contents of terminal tab or serial.log

N/A

Link to contents of Javascript console in the browser

N/A

Screenshot(s) or video(s) showing the problem:

image

@guysoft
Owner

guysoft commented May 22, 2017

Can you please link the OctoPrint issue? If you unconnect them there is no tracking.

@OmgItsBkid
Author

OctoPrint/OctoPrint#1930 This is the issue that was put in on the OctoPrint side, however they stated that it was an OctoPi issue, so it won't be looked into any further on their end.

foosel added a commit to foosel/OctoPi that referenced this issue May 23, 2017
Instead of ./www we now use ./www-octopi by default which only
contains an index.html (generated during image build) that displays
only the snapshot and stream for debugging purposes.

The command action on mjpg-streamer (which control.html of the stock
webroot utilizes) has also been disabled via "-n".

Two new variables have been introduced in /boot/octopi.txt to
allow configuring the webroot to use and the additional options
for output_http.so (by default only "-n"), in case power users
need to change back or otherwise customize stock behaviour.

Closes guysoft#358
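
A check for the two settings the commit message above changes, written as an added example (not code from OctoPi or mjpg-streamer): it parses an mjpg_streamer command line and reports whether the HTTP output still accepts commands or still serves the stock webroot. The sample command lines are constructed, the finding names are hypothetical, and it assumes the `-o`/`--output`, `-w`/`--www` and `-n`/`--nocommands` options of mjpg-streamer.

```python
import posixpath
import shlex

# Directory name of mjpg-streamer's stock webroot, which ships the control page.
STOCK_WEBROOT = "www"


def http_output_options(cmdline):
    """Return the option list of every output_http.so plugin on the command line."""
    argv = shlex.split(cmdline)
    plugins = []
    for flag, value in zip(argv, argv[1:]):
        if flag in ("-o", "--output"):
            opts = shlex.split(value)  # plugin options are passed as one quoted string
            if opts and opts[0].endswith("output_http.so"):
                plugins.append(opts[1:])
    return plugins


def audit(cmdline):
    """Return findings (hypothetical names) for each output_http.so instance."""
    findings = []
    for opts in http_output_options(cmdline):
        # Without -n the HTTP plugin accepts the command action that control.htm uses.
        if not any(o in ("-n", "--nocommands") for o in opts):
            findings.append("commands-enabled")
        webroot = None
        for flag, value in zip(opts, opts[1:]):
            if flag in ("-w", "--www"):
                webroot = value
        # Flag a webroot whose final path component is the stock "www" directory.
        if webroot is not None:
            if posixpath.basename(posixpath.normpath(webroot)) == STOCK_WEBROOT:
                findings.append("stock-webroot")
    return findings


# Constructed command lines: the setup described in the issue, then the fixed default.
BEFORE = 'mjpg_streamer -i "input_uvc.so -r 640x480 -f 10" -o "output_http.so -w ./www"'
AFTER = 'mjpg_streamer -i "input_uvc.so -r 640x480 -f 10" -o "output_http.so -w ./www-octopi -n"'

if __name__ == "__main__":
    for label, cmd in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cmd) or "ok")
```
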