diff options
| author | Ed Tanous <ed@tanous.net> | 2020-07-21 18:46:25 +0300 |
|---|---|---|
| committer | Ed Tanous <ed@tanous.net> | 2021-12-20 04:00:35 +0300 |
| commit | af4edf686e684d728fccbb69a8f550fd2adab46a (patch) | |
| tree | 1c97b4f7b75a310105ab7ba86fdbf100117c3782 /.github | |
| parent | 47c9e106e0057dd70133d50e928e48cbc68e709a (diff) | |
| download | bmcweb-af4edf686e684d728fccbb69a8f550fd2adab46a.tar.xz | |
Implement MIME parsing
This commit adds two core features to bmcweb:
1. A multipart mime parser that can read multipart form requests into
bmcweb. This is implemented as a generic parser that identifies the
content-type strings and parses them into structures.
2. A /login route that can be logged into with a multipart form. This
is to allow changing the login screen to a purely forms based
implementation, thus removing the very large whitelist we currently have
to maintain, and removing javascript from our threat envelope.
More testing is still needed, as this is a parser that exists outside of
the secured areas, but in this simple example, it seems to work well.
Tested: curl -vvvvv --insecure -X POST -F 'username=root' -F
'password=0penBmc' https://<bmc ip address>:18080/login
Returned; { "data": "User 'root' logged in", "message": "200 OK",
"status": "ok" }
Change-Id: Icc3f4c082d584170b65b9e82f7876926cd38035d
Signed-off-by: Ed Tanous<ed@tanous.net>
Signed-off-by: George Liu <liuxiwei@inspur.com>
Diffstat (limited to '.github')
0 files changed, 0 insertions, 0 deletions