author | James Feist <james.feist@linux.intel.com> | 2020-04-09 04:32:33 +0300 |
---|---|---|
committer | James Feist <james.feist@linux.intel.com> | 2020-04-15 19:17:29 +0300 |
commit | f8aa3d2704d3897eb724dab9ac596af8b1f0e33e (patch) | |
tree | c2e3a2017b70cae0c6e139276e91afda0fe9dfcc /include/sessions.hpp | |
parent | 043a05366c1fe54d7b9ef883292d0cd2d01c66b2 (diff) | |
download | bmcweb-f8aa3d2704d3897eb724dab9ac596af8b1f0e33e.tar.xz |
Add CSRF check into websockets
This adds CSRF check into websockets to avoid
attacks on websockets.
Tested: Could no longer use cross-site scripting to
open websocket. KVM and SOL still work once web-ui
changes are updated
Change-Id: I325079ae3d4db2701671564dff733e034d2670d6
Signed-off-by: James Feist <james.feist@linux.intel.com>
Diffstat (limited to 'include/sessions.hpp')
-rw-r--r-- | include/sessions.hpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/sessions.hpp b/include/sessions.hpp index 4144705776..8ff903a439 100644 --- a/include/sessions.hpp +++ b/include/sessions.hpp @@ -39,6 +39,7 @@ struct UserSession std::string csrfToken; std::chrono::time_point<std::chrono::steady_clock> lastUpdated; PersistenceType persistence; + bool cookieAuth = false; /** * @brief Fills object with data from UserSession's JSON representation |
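Review bot: The new `bool cookieAuth = false;` member of `UserSession` has no comment saying which authentication path sets it to true or how it relates to the websocket CSRF check named in the commit message; add a one-line comment stating both, since the neighbouring `csrfToken` field makes the relationship easy to misread. The diffstat shows this file gains only this one line, so the routine documented by the comment that follows ("Fills object with data from UserSession's JSON representation") does not populate the field, and a session built from JSON keeps the default `false`. If the CSRF check is skipped when the flag is false, confirm that this default is the safe one for restored cookie sessions, or persist the flag alongside the other fields.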