Add CSRF check into websockets

This adds CSRF check into websockets to avoid attacks on websockets. Tested: Could no longer use crosssite scripting to open websocket. KVM and SOL still work once web-ui changes are updated Change-Id: I325079ae3d4db2701671564dff733e034d2670d6 Signed-off-by: James Feist <james.feist@linux.intel.com>
author: James Feist <james.feist@linux.intel.com> 2020-04-09 04:32:33 +0300
committer: James Feist <james.feist@linux.intel.com> 2020-04-15 19:17:29 +0300
commit: f8aa3d2704d3897eb724dab9ac596af8b1f0e33e (patch)
tree: c2e3a2017b70cae0c6e139276e91afda0fe9dfcc /include/sessions.hpp
parent: 043a05366c1fe54d7b9ef883292d0cd2d01c66b2 (diff)
download: bmcweb-f8aa3d2704d3897eb724dab9ac596af8b1f0e33e.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/include/sessions.hpp b/include/sessions.hpp
index 4144705776..8ff903a439 100644
--- a/include/sessions.hpp
+++ b/include/sessions.hpp
@@ -39,6 +39,7 @@ struct UserSession
     std::string csrfToken;
     std::chrono::time_point<std::chrono::steady_clock> lastUpdated;
     PersistenceType persistence;
+    bool cookieAuth = false;
 
     /**
      * @brief Fills object with data from UserSession's JSON representation
author	James Feist <james.feist@linux.intel.com>	2020-04-09 04:32:33 +0300
committer	James Feist <james.feist@linux.intel.com>	2020-04-15 19:17:29 +0300
commit	f8aa3d2704d3897eb724dab9ac596af8b1f0e33e (patch)
tree	c2e3a2017b70cae0c6e139276e91afda0fe9dfcc /include/sessions.hpp
parent	043a05366c1fe54d7b9ef883292d0cd2d01c66b2 (diff)
download	bmcweb-f8aa3d2704d3897eb724dab9ac596af8b1f0e33e.tar.xz