authorEd Tanous <edtanous@google.com>2023-06-16 21:29:37 +0300
committerEd Tanous <edtanous@google.com>2023-06-17 00:12:13 +0300
commit7e9c08ede1dad0068d3e10955b75202fd9193999 (patch)
tree4fe9d33b07f2f8499ec1c3519e74ed7f0fc4d223 /http
parente164f1b66eb2cde5b885df342c9a5bb4e0c2beeb (diff)
Revert "Fix websocket csrf checking"
This reverts commit e628df8658c57f6943b6d3612e1077618e5a168a. This appears to cause problems with non-cookie login of the console websocket. This appears to be a gap in both our testing, and things that we have scripting to do, but clearly it's a change in behavior, so if we want to change the behavior, we should do it intentionally, and clearly, ideally with a path to make clients work, or an explicit documentation that the webui is the only supported client. Change-Id: I334257e1355a5b8431cb7ecfe58ef8a942f4981c Signed-off-by: Ed Tanous <edtanous@google.com>
Diffstat (limited to 'http')
-rw-r--r--http/websocket.hpp3
1 files changed, 2 insertions, 1 deletions
diff --git a/http/websocket.hpp b/http/websocket.hpp
index 0faa8c60c7..434a0c1944 100644
--- a/http/websocket.hpp
+++ b/http/websocket.hpp
@@ -100,7 +100,8 @@ class ConnectionImpl : public Connection
if (session != nullptr)
{
// use protocol for csrf checking
- if (!crow::utility::constantTimeStringCompare(
+ if (session->cookieAuth &&
+ !crow::utility::constantTimeStringCompare(
protocol, session->csrfToken))
{
BMCWEB_LOG_ERROR << "Websocket CSRF error";
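Review bot: The restored `session->cookieAuth &&` gate means every session not flagged as cookie-authenticated skips the token comparison entirely, and the only comment on the check (`// use protocol for csrf checking`) does not say so. That is reasonable for clients that present a credential explicitly, but a browser also attaches cached HTTP Basic credentials and TLS client certificates to a cross-origin WebSocket handshake on its own; whether sessions created that way can reach this branch with `cookieAuth` false cannot be told from the hunk and should be confirmed. I would record the intent next to the condition, e.g. `// CSRF token is enforced only for cookie sessions; other auth methods skip this check (see revert of e628df8658c5)`, and consider validating the handshake's Origin for the exempted path as a follow-up. The enclosing function starts and ends outside the hunk.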