authorJames Feist <james.feist@linux.intel.com>2020-04-09 04:32:33 +0300
committerJames Feist <james.feist@linux.intel.com>2020-04-15 19:17:29 +0300
commitf8aa3d2704d3897eb724dab9ac596af8b1f0e33e (patch)
treec2e3a2017b70cae0c6e139276e91afda0fe9dfcc /include/sessions.hpp
parent043a05366c1fe54d7b9ef883292d0cd2d01c66b2 (diff)
Add CSRF check into websockets
This adds a CSRF check to websockets to avoid attacks on websockets. Tested: Could no longer use cross-site scripting to open a websocket. KVM and SOL still work once web-ui changes are updated. Change-Id: I325079ae3d4db2701671564dff733e034d2670d6 Signed-off-by: James Feist <james.feist@linux.intel.com>
Diffstat (limited to 'include/sessions.hpp')
-rw-r--r--include/sessions.hpp1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/sessions.hpp b/include/sessions.hpp
index 4144705776..8ff903a439 100644
--- a/include/sessions.hpp
+++ b/include/sessions.hpp
@@ -39,6 +39,7 @@ struct UserSession
std::string csrfToken;
std::chrono::time_point<std::chrono::steady_clock> lastUpdated;
PersistenceType persistence;
+ bool cookieAuth = false;
/**
* @brief Fills object with data from UserSession's JSON representation
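Review bot: `cookieAuth` is added to `UserSession` without a comment, and its meaning matters because it defaults to `false` and, going by the commit message, appears to decide whether the websocket CSRF check is applied. I'd add something like `// Set when the request was authenticated by session cookie; such requests must present csrfToken (including websocket upgrades)`. The struct starts and ends outside this hunk, so the `fromJson` documented just below is not visible here; if the flag is set only at login rather than on each cookie-authenticated request, a session restored from persistent storage would come back with `cookieAuth == false`, so it is worth confirming that path cannot skip the check.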