Re: guacamole-common-js confusion

[Mike Jumper <mi...@guac-dev.org>]

On Tue, Oct 31, 2017 at 1:54 PM, David L Napier <dn...@umd.edu> wrote:
> We're building an app that's utilizing Guacamole.  I have Tomcat behind an
> Nginx reverse proxy.  The app successfully utilizes guacamole-common-js and
> connects to tomcat via the proxy.  Then it loads the canvas into the client.
> However, the canvas is returning with a size of 0 height, 0 width.
>

What do you mean by "loads the canvas into the client"?

Guacamole does use canvas tags, but you shouldn't be touching the
canvas itself (which is internal). You should only be dealing with the
display abstraction provided by Guacamole.Display (returned by
getDisplay() of Guacamole.Client), adding the display to the DOM using
the element returned by getElement():

http://guacamole.incubator.apache.org/doc/guacamole-common-js/Guacamole.Client.html#getDisplay
http://guacamole.incubator.apache.org/doc/guacamole-common-js/Guacamole.Display.html#getElement

The display itself will not have non-zero dimensions until it receives
the size from the server. If this never occurs, check that:

1) You have set handlers for the tunnel and client "onerror" and
"onstatechange" events (so you know when things are failing)
2) There aren't errors in the logs from guacd (the connection may not
have succeeded at all)

> I've got this warning in my console: "[Deprecation] Resource requests whose
> URLs contained both removed whitespace (`\n`, `\r`, `\t`) characters and
> less-than characters (`<`) are blocked. Please remove newlines and encode
> less-than characters from places like element attribute values in order to
> load these resources. See
> https://www.chromestatus.com/feature/5735596811091968 for more details."
>

Check your HTML. From the warning, it sounds like some of your
attribute values contain angle brackets, and are thus being recognized
by Chrome as possible injection attacks.

- Mike