If a token is already present in the path, the new variable
is ignored. In order to properly manipulate the path,
a new method, `WebUtil.injectParamIfMissing` was introduced.
Fixes#536
[@directxman12: fix up path manipulation logic]
Any config variable like host, port, password, token may be
specified either in the query string (like now), or in the URL hash
fragment. In case a given variable is present in both, the value in the
fragment takes precedence. Supplying variables in the fragment avoids
leaking them to the web server hosting the noVNC viewer HTML.
Previously, if an error was thrown from the Display constructor
in the RFB constructor, we would attempt to use `RFB#updateState`
to handle this. However, `RFB#updateState` attempts to close
the WebSocket connection, which doesn't exist at this point.
In the constructor, it's probably just better to raise an exception
instead (making sure to clean up anything relevant).
Fixes#460
* Added a resize request (setDesktopSize) triggered when connecting and by
changes to the browser window's size.
* Hid the view-drag-hand when the display area is the same or smaller than the
remote session size.
* Added a setting for the automatic resize feature.
* Updated vnc.html and vnc_auto.html to reflect the changes to the UI.
button group instead of centered.
* On low resolution devices the padding towards the edges of the screen of
the left and right button groups are now removed.
* Since the status_bar was merged into the control-bar the actual status_bar
element became redundant and was therefor removed.
* Improved the style of the control-bar when there is an error or a warning.
* Implemented a fix so that vnc_auto.html works as intended with the improved
screen real estate patch.
Browsers (such as Chrome) don't report port numbers in window.location.port when
used on standard ports such as 80 and 443. This causes vnc_auto.html to not
automatically find the port as it should.
This simple change checks if window.location.port is blank, and sets port as
appropriate from the name of the protocol in use.
Related to issue/pulls:
https://github.com/kanaka/noVNC/issues/194https://github.com/kanaka/noVNC/pull/201https://github.com/kanaka/noVNC/pull/202
In IE9, the window.onload event can fire before dynamically loaded
scripts have finished loading. This can result in either WebSocket (in
the case of vnc_auto.html) or RFB (in the case of vnc.html) not being
defined at the point when window.onload is called.
- Move the load_scripts routine from vnc.js to util.js (so that
websockify can use it too). Also, refactor to work when load_scripts
is called by a script that itself uses load_scripts. When the whole
chain of dynamically loaded scripts is finished then call
window.onscriptsload. Use this mechanism in all the places that
depend on dynamic loading of scripts: vnc.html, vnc_auto.html,
websock.js, tests/vnc_playback.html, and tests/vnc_perf.html.
- Use the new window.onscriptsload handler instead of window.onload.
- Remove include/start.js and do the script loading and startup event
handling in include/ui.js instead.
The MPL 2.0 license is a "file-level" copyleft license vs the
"project-level" nature of the L/GPL. The intention of noVNC has
always been that it should be easy to incorporate into existing
projects and sites whether free/open or proprietary/commercial. The MPL
2.0 is designed for this sort of combination project but still
requires that any distributed modifications to noVNC source files must
also be published under the same license.
In addition, the MPL 2.0 allows the code to be used in L/GPL projects
(the secondary license clause). This means that any projects that are
already incorporating noVNC should not be impacted by this change and
in fact it should clarify the licensing situation (the exact
application of the L/GPL to web applications and interpreted code is
somewhat ambiguous).
The HTML, CSS, image and font files continue to be under more
permissive licenses (see LICENSE.txt). The included websockify python
code remains under a LGPLv3 license although the include/websock.js
file from the websockify component is now under MPL 2.0 as well.
Permission was received from other noVNC authors to make this change to their
code license on the following dates:
- Chris Gordon (UI): Jun 24, 2012
- Antoine Mercadal (DOM,*util.js): Oct 10, 2012
- William Lightning (UltraVNC repeater): Oct 10, 2012
- Mike Tinglof (tight encoding): Oct 15, 2012
Instead of using document.write to load scripts, use createElement to
create and append script tags. document.write is problematic in a lot
of situation and in particular is not allowed in a Chrome
extension/packaged app.
Also, in webutil.js, instead of calling init_logging during parsing of
include/webutil.js, rely on the caller to do this. The problem is that
calling init_logging on parse tries to call Util logging functions and
the new model of dynamic load may not having Util loaded by the time
webutil is parsed.
Clarify in LICENSE.txt that the noVNC core library is the part that is
LGPLv3 licensed. The HTML, CSS, images and fonts are separate from the
core library and can be modified and distributed with the noVNC core
but under their own license conditions.
HTML and CSS: 2-Clause BSD
Fonts: SIL OFL 1.1
Images: CC BY SA 3.0
In other words, you can modify the layout and appearance of of noVNC
to integrate with an existing or new web site or application without
having to publish the source for those modifications under the LGPLv3.
However, use of and modification of the noVNC core library (i.e. the
core Javascript that makes up noVNC) must still be according to the
LGPLv3.
Chris Gordon was the other contributor to the HTML, CSS, and images
included with noVNC and gave permission for this license clarification
on June 23, 2012.
* Adds the nova-novncproxy binary, to provide support for vnc + OpensStack nova
* Adds the ability to pass an auth token in via url, which is subsequently
passed back to the proxy as a cookie.
I.e. if the page is https:// then the WebSocket encrypt setting will
default to wss:// (TLS encryption).
Note that since noVNC settings are saved in cookies, this will only
affect first load. If you have already loaded the page, then the
encrypt setting will be whatever you last set it to.
The Jetty WebSocket server code used by the Clojure version of
websockify doesn't support WebSocket and Web at the same path so pass
in a default value for the path so that we can support the Clojure
version websockify.
Resolve issue: https://github.com/kanaka/noVNC/pull/101
Based on proposal from @mightpenguin:
Matthew Balman <emperor@mightypenguin.org>
If view_only option is set then do not send mouse and keyboard events.
This is not a secure/enforced way to make a client view only. To
enforce view only at the server, most VNC servers support setting
a view only password.
API changes:
- include/canvas.js renamed to include/display.js
- Display.rescale() method removed from API. Use Display.set_scale() instead.
- Make logo configuration attribute of Display and display it when
clear() is called if it is set.
API deprecations:
- use RFB onUpdateState instead of updateState.
- use RFB onClipboard instead of clipboardReceive.
See https://github.com/kanaka/noVNC/wiki/ModuleAPI for detailed noVNC
modules and API description.
Expand and normalize the event/callback interfaces. Standize on
"onEventName" form for callbacks.
Callback Renames:
- RFB updateState -> onUpdateState
- RFB clipboardReceive -> onClipboard
- Keyboard keyPress -> onKeyPress
- Mouse mouseButton -> onMouseButton
- Mouse mouseMove -> onMouseMove
Callback Additions:
- RFB onPasswordRequired
- RFB onBell
- RFB onFBUReceive
- RFB onFBUComplete
Other:
- Add array type support to Util.conf_default()
- Removed a bunch of routines from the Display API that were just used
internally and not actually by noVNC: flush, setFillColor,
imageDataGet, imageDataCreate, rgbxImageData, rgbxImageFill,
cmapImageData, cmapImageFill.
- More keyboard/mouse logging when debug turned on.
- Some JSLinting
Rename the $() selector to $D() so that it doesn't collide with
the jQuery name.
The API change is that the 'target' option for Canvas and RFB objects
must now be a DOM Canvas element. A string is no longer accepted
because this requires that a DOM lookup is done and the Canvas and RFB
should have no UI code in them. Modularity.
- Add meta tag to vnc.html and vnc_auto.html so that if Chrome Frame
is installed, it is used.
- Add detection to default_controls.js that shows a message with
a Chrome Frame install link if the user is using a version of IE
without Canvas support.
- Fix web.py so that requests have their connection closed after they
are completed. This has been a bug for a while but it prevents
Chrome Frame from working because Chrome Frame doesn't activate
until the initial request connection closes.
- util.js that contains essential functions
- webutils.js that contains the GUI utility function.js
this helps to include noVNC in other project, especially Cappuccino Application
i
New API:
To use the RFB object, you now must instantiate it (this allows more
than one instance of it on the same page).
rfb = new RFB(settings);
The 'settings' variable is a namespace that contains initial default
settings. These can also be set and read using 'rfb.set_FOO()' and
'rfb.get_FOO()' where FOO is the setting name. The current settings
are (and defaults) are:
- target: the DOM Canvas element to use ('VNC_canvas').
- encrypt: whether to encrypt the connection (false)
- true_color: true_color or palette (true)
- b64encode: base64 encode the WebSockets data (true)
- local_cursor: use local cursor rendering (true if supported)
- connectTimeout: milliseconds to wait for connect (2000)
- updateState: callback when RFB state changes (none)
- clipboardReceive: callback when clipboard data received (none)
The parameters to the updateState callback have also changed. The
function spec is now updateState(rfb, state, oldstate, msg):
- rfb: the RFB object that this state change is for.
- state: the new state
- oldstate: the previous state
- msg: a message associate with the state (not always set).
The clipboardReceive spec is clipboardReceive(rfb, text):
- rfb: the RFB object that this text is from.
- text: the clipboard text received.
Changes:
- The RFB and Canvas namespaces are now more proper objects. Private
implementation is no longer exposed and the public API has been made
explicit. Also, instantiation allows more than one VNC connection
on the same page (to complete this, DefaultControls will also need
this same refactoring).
- Added 'none' logging level.
- Removed automatic stylesheet selection workaround in util.js and
move it to defaultcontrols so that it doesn't interfere with
intergration.
- Also, some major JSLinting.
- Fix input, canvas, and cursor tests to work with new model.
The following API changes may affect integrators:
- Settings have been moved out of the RFB.connect() call. Each
setting now has it's own setter function: setEncrypt, setBase64,
setTrueColor, setCursor.
- Encrypt and cursor settings now default to on.
- CSS changes:
- VNC_status_bar for input buttons switched to a element class.
- VNC_buttons split into VNC_buttons_right and
VNC_buttons_left
- New id styles for VNC_settings_menu and VNC_setting
Note: the encrypt, true_color and cursor, logging setting can all be
set on load using query string variables (in addition to host, port
and password).
Client cursor (cursor pseudo-encoding) support has been polished and
activated.
The RFB settings are now presented as radio button list items in
a drop-down "Settings" menu when using the default controls.
Also, in the settings menu is the ability to select between alternate
style-sheets.
Cookie and stylesheet selection support added to util.js.
Add new states 'loaded', 'connect' and 'fatal':
- Loaded state is first page state. Pass WebSockets mode message using
this state.
- Connect indicates that the user has issued a "connect" but we
haven't gotten an WebSockets onopen yet.
- Fatal is a condition that indicates inability to continue on: right
now, lack of WebSockets/Flash or non-working canvas.
Move much of the actual state transition code into updateState.
Handle 'password' state better in default_controls.js; instead of
disconnecting, prompt for password to send.
Add comments to updateState indicating possible states.
Instead of relying on FABridge AS -> JS event delivery, we just use
the events to notify JS of pending data. The message handler then
calls the AS readSocketData routine which sends back an array of
the pending WebSocket frames.
There is still a minor bug somewhere that happens after the first
connect where the web-socket-js throws an "INVALID_STATE_ERR: Web
Socket connection has not been established". But, Opera is now usable
and we should be able to drop the packet sequence numbering and
re-ordering code.
Another minor issue to better support Opera is to move JS script
includes to the <head> of the page instead of after the body.
Miguel Xavier Penha Neto
Ganesh Varadarajan
Solly Ross
MOZGIII
samhed
Julien Fontanet
Martin André
Malcolm Scott
jalf
John Dewey
Will Rouesnel
Peter Åstrand (astrand)
Joel Martin
William Lightning
Anthony Young
Chris Gordon
Antoine Mercadal