diff options
author | Ed Tanous <ed@tanous.net> | 2024-04-22 22:41:06 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2024-04-23 18:04:43 +0300 |
commit | 788fe74859b1fa491053d1fcd8bb32f42e7898b6 (patch) | |
tree | a0f4db776dc71a461ab1adcdee8723e27c451e61 /include/cors_preflight.hpp | |
parent | c056aa7aa2438d16b1a3f1db20e6aac2694ca455 (diff) | |
download | bmcweb-788fe74859b1fa491053d1fcd8bb32f42e7898b6.tar.xz |
Remove XSS prevention code
This feature was created for a time before webpack had a built in proxy,
and to debug the UI required setting specific flags. The webpack proxy
solves this problem in a much better way, by proxying everything.
This commit is one piece in the solving a use after free bug. Removing
this allows us to no longer have to cache the origin header [1], which
is only used in this mode.
Tested: Code compiles.
[1] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/70850
Change-Id: I01d67006e217c0c9fd2db7526c0ec34b0da068f3
Signed-off-by: Ed Tanous <ed@tanous.net>
Diffstat (limited to 'include/cors_preflight.hpp')
-rw-r--r-- | include/cors_preflight.hpp | 19 |
1 files changed, 0 insertions, 19 deletions
diff --git a/include/cors_preflight.hpp b/include/cors_preflight.hpp deleted file mode 100644 index b7272229b1..0000000000 --- a/include/cors_preflight.hpp +++ /dev/null @@ -1,19 +0,0 @@ -#pragma once - -#include "app.hpp" -#include "http_request.hpp" -#include "http_response.hpp" - -namespace cors_preflight -{ -inline void requestRoutes(App& app) -{ - BMCWEB_ROUTE(app, "<str>") - .methods(boost::beast::http::verb::options)( - [](const crow::Request& /*req*/, - const std::shared_ptr<bmcweb::AsyncResp>&, const std::string&) { - // An empty body handler that simply returns the headers bmcweb - // uses This allows browsers to do their CORS preflight checks - }); -} -} // namespace cors_preflight |