author | Ed Tanous <ed@tanous.net> | 2024-04-22 22:41:06 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2024-04-23 18:04:43 +0300 |
commit | 788fe74859b1fa491053d1fcd8bb32f42e7898b6 (patch) | |
tree | a0f4db776dc71a461ab1adcdee8723e27c451e61 /config | |
parent | c056aa7aa2438d16b1a3f1db20e6aac2694ca455 (diff) | |
download | bmcweb-788fe74859b1fa491053d1fcd8bb32f42e7898b6.tar.xz |
Remove XSS prevention code
This feature was created for a time before webpack had a built-in proxy,
when debugging the UI required setting specific flags. The webpack proxy
solves this problem in a much better way, by proxying everything.
This commit is one piece of solving a use-after-free bug. Removing
this means we no longer have to cache the origin header [1], which
is only used in this mode.
Tested: Code compiles.
[1] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/70850
Change-Id: I01d67006e217c0c9fd2db7526c0ec34b0da068f3
Signed-off-by: Ed Tanous <ed@tanous.net>
Diffstat (limited to 'config')
-rw-r--r-- | config/bmcweb_config.h.in | 3 | ||||
-rw-r--r-- | config/meson.build | 2 |
2 files changed, 0 insertions, 5 deletions
diff --git a/config/bmcweb_config.h.in b/config/bmcweb_config.h.in index d3b174c470..a8ae29ef91 100644 --- a/config/bmcweb_config.h.in +++ b/config/bmcweb_config.h.in @@ -4,9 +4,6 @@ #include <cstddef> // clang-format off -constexpr const int bmcwebInsecureDisableXssPrevention = - @BMCWEB_INSECURE_DISABLE_XSS_PREVENTION@; - constexpr const bool bmcwebInsecureEnableQueryParams = @BMCWEB_INSECURE_ENABLE_QUERY_PARAMS@ == 1; constexpr const size_t bmcwebHttpReqBodyLimitMb = @BMCWEB_HTTP_REQ_BODY_LIMIT_MB@; diff --git a/config/meson.build b/config/meson.build index 1c6f78a999..26c9bd4b3a 100644 --- a/config/meson.build +++ b/config/meson.build @@ -2,8 +2,6 @@ conf_data = configuration_data() conf_data.set('BMCWEB_HTTP_REQ_BODY_LIMIT_MB', get_option('http-body-limit')) -xss_enabled = get_option('insecure-disable-xss') -conf_data.set10('BMCWEB_INSECURE_DISABLE_XSS_PREVENTION', xss_enabled.allowed()) enable_redfish_query = get_option('insecure-enable-redfish-query') conf_data.set10('BMCWEB_INSECURE_ENABLE_QUERY_PARAMS', enable_redfish_query.allowed()) # enable_redfish_aggregation = get_option('redfish-aggregation') |