diff options
author | Ed Tanous <ed@tanous.net> | 2024-04-22 22:41:06 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2024-04-23 18:04:43 +0300 |
commit | 788fe74859b1fa491053d1fcd8bb32f42e7898b6 (patch) | |
tree | a0f4db776dc71a461ab1adcdee8723e27c451e61 /config/bmcweb_config.h.in | |
parent | c056aa7aa2438d16b1a3f1db20e6aac2694ca455 (diff) | |
download | bmcweb-788fe74859b1fa491053d1fcd8bb32f42e7898b6.tar.xz |
Remove XSS prevention code
This feature was created for a time before webpack had a built in proxy,
and to debug the UI required setting specific flags. The webpack proxy
solves this problem in a much better way, by proxying everything.
This commit is one piece in the solving a use after free bug. Removing
this allows us to no longer have to cache the origin header [1], which
is only used in this mode.
Tested: Code compiles.
[1] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/70850
Change-Id: I01d67006e217c0c9fd2db7526c0ec34b0da068f3
Signed-off-by: Ed Tanous <ed@tanous.net>
Diffstat (limited to 'config/bmcweb_config.h.in')
-rw-r--r-- | config/bmcweb_config.h.in | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/config/bmcweb_config.h.in b/config/bmcweb_config.h.in index d3b174c470..a8ae29ef91 100644 --- a/config/bmcweb_config.h.in +++ b/config/bmcweb_config.h.in @@ -4,9 +4,6 @@ #include <cstddef> // clang-format off -constexpr const int bmcwebInsecureDisableXssPrevention = - @BMCWEB_INSECURE_DISABLE_XSS_PREVENTION@; - constexpr const bool bmcwebInsecureEnableQueryParams = @BMCWEB_INSECURE_ENABLE_QUERY_PARAMS@ == 1; constexpr const size_t bmcwebHttpReqBodyLimitMb = @BMCWEB_HTTP_REQ_BODY_LIMIT_MB@; |