diff options
author | Ed Tanous <edtanous@google.com> | 2023-06-16 21:29:37 +0300 |
---|---|---|
committer | Ed Tanous <edtanous@google.com> | 2023-06-17 00:12:13 +0300 |
commit | 7e9c08ede1dad0068d3e10955b75202fd9193999 (patch) | |
tree | 4fe9d33b07f2f8499ec1c3519e74ed7f0fc4d223 /include/sessions.hpp | |
parent | e164f1b66eb2cde5b885df342c9a5bb4e0c2beeb (diff) | |
download | bmcweb-7e9c08ede1dad0068d3e10955b75202fd9193999.tar.xz |
Revert "Fix websocket csrf checking"
This reverts commit e628df8658c57f6943b6d3612e1077618e5a168a.
This appears to cause problems with non-cookie login of the console
websocket. This appears to be a gap in both our testing, and things
that we have scripting to do, but clearly it's a change in behavior, so
if we want to change the behavior, we should do it intentionally, and
clearly, ideally with a path to make clients work, or an explicit
documentation that the webui is the only supported client.
Change-Id: I334257e1355a5b8431cb7ecfe58ef8a942f4981c
Signed-off-by: Ed Tanous <edtanous@google.com>
Diffstat (limited to 'include/sessions.hpp')
-rw-r--r-- | include/sessions.hpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/include/sessions.hpp b/include/sessions.hpp index 26b30306fa..98912e827a 100644 --- a/include/sessions.hpp +++ b/include/sessions.hpp @@ -39,6 +39,7 @@ struct UserSession std::string clientIp; std::chrono::time_point<std::chrono::steady_clock> lastUpdated; PersistenceType persistence{PersistenceType::TIMEOUT}; + bool cookieAuth = false; bool isConfigureSelfOnly = false; std::string userRole{}; std::vector<std::string> userGroups{}; @@ -257,7 +258,7 @@ class SessionStore auto session = std::make_shared<UserSession>(UserSession{ uniqueId, sessionToken, std::string(username), csrfToken, clientId, redfish::ip_util::toString(clientIp), - std::chrono::steady_clock::now(), persistence, + std::chrono::steady_clock::now(), persistence, false, isConfigureSelfOnly}); auto it = authTokens.emplace(sessionToken, session); // Only need to write to disk if session isn't about to be destroyed. |