diff options
author | Joseph Reynolds <jrey@us.ibm.com> | 2018-10-17 19:24:06 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-10-23 20:29:40 +0300 |
commit | ec4d724f2995e130054a981c0a9ccb654a98d0e9 (patch) | |
tree | 3cf59e51c23dae985103d39c87c699ba165860a4 | |
parent | 12fca02687b481cc263ffeac707bb239a5780cca (diff) | |
download | openbmc-ec4d724f2995e130054a981c0a9ccb654a98d0e9.tar.xz |
Nginx allow secure websocket connections
This changes the nginx configuration so the HTTP response headers
for the phosphor-webui web applicaton will allow wss (secure
WebSocket) connections back to the host. This is needed for the
Serial Over Lan (SOL) function.
A recent fix used Content-Security-Policy default-src 'self'
which unfortunately does not allow to wss connections. For
details see https://github.com/openbmc/openbmc/issues/3409
Tested: The web app SOL function works
Resolves: openbmc/openbmc#3409
(From meta-ibm rev: ba115c67c50b8e9691bbdbc4132dfef563c327c0)
Change-Id: Ic46693c1c17ce83f422bc388ef1338894eeadb4d
Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
-rw-r--r-- | meta-ibm/recipes-httpd/nginx/files/nginx.conf | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-ibm/recipes-httpd/nginx/files/nginx.conf b/meta-ibm/recipes-httpd/nginx/files/nginx.conf index be7faf92f..befe98626 100644 --- a/meta-ibm/recipes-httpd/nginx/files/nginx.conf +++ b/meta-ibm/recipes-httpd/nginx/files/nginx.conf @@ -88,7 +88,7 @@ http { add_header X-Frame-Options deny; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options nosniff; - add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'self' 'unsafe-eval' 'unsafe-inline'"; + add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'self' wss: 'unsafe-eval' 'unsafe-inline'"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; add_header Cache-Control "no-store,no-cache"; add_header Pragma "no-cache"; |