diff options
author | JunLin Chen <Jun-Lin.Chen@quantatw.com> | 2021-12-16 08:58:45 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2021-12-21 03:29:39 +0300 |
commit | 895e46d807d0afe6753753eb9ad8911897425b90 (patch) | |
tree | cbe9f3d8d55ca46bff20a2a20980864fd83151a2 | |
parent | af4edf686e684d728fccbb69a8f550fd2adab46a (diff) | |
download | bmcweb-895e46d807d0afe6753753eb9ad8911897425b90.tar.xz |
Skip contentLength check in insecure-disable-auth
If we update image via POST /redfish/v1/UpdateService.
Because there is no need to establish session in insecure-disable-auth,
This restricts unauthenticated users upload sizes cause POST image fail.
(image always greater than limit).
According to https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/30994
it should not be checked this when disable-auth condition is enabled.
Test:
curl -k -X POST -T <image_path>
"https://<bmcip>/redfish/v1/UpdateService"
Return
{
"@odata.id": "/redfish/v1/TaskService/Tasks/1",
"@odata.type": "#Task.v1_4_3.Task",
"Id": "1",
"TaskState": "Running",
"TaskStatus": "OK"
}
Signed-off-by: JunLin Chen <Jun-Lin.Chen@quantatw.com>
Change-Id: Iecb1cdc0213958e7d6191801043010b0ae10433d
-rw-r--r-- | http/http_connection.hpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/http/http_connection.hpp b/http/http_connection.hpp index 06bb63af04..9ba160182a 100644 --- a/http/http_connection.hpp +++ b/http/http_connection.hpp @@ -569,7 +569,6 @@ class Connection : boost::beast::http::verb method = parser->get().method(); userSession = crow::authorization::authenticate( ip, res, method, parser->get().base(), userSession); -#endif // BMCWEB_INSECURE_DISABLE_AUTHENTICATION bool loggedIn = userSession != nullptr; if (!loggedIn) @@ -587,6 +586,7 @@ class Connection : BMCWEB_LOG_DEBUG << "Starting quick deadline"; } +#endif // BMCWEB_INSECURE_DISABLE_AUTHENTICATION doRead(); }); |