Update whitelist

As part of the redfish spec, both /redfish and /redfish/v1/odata need to be allowed without credentials. This adds them to the whitelist, and improves our compliance with the specification. Change-Id: I89d7c20ed497b77cdea83560087c9085747872bf Signed-off-by: Ed Tanous <ed.tanous@intel.com>
author: Ed Tanous <ed.tanous@intel.com> 2018-07-25 00:28:08 +0300
committer: Ed Tanous <ed.tanous@intel.com> 2018-08-15 21:57:29 +0300
commit: eb1eb78e639414bf0862e4c2fee5ab65c1d2f314 (patch)
tree: 9cbab8eb5ed06c7d13ddf39a57495381a66ba3e9 /include
parent: 90ad5ed9ff7463245b6edb3ab6087eb33689ce3c (diff)
download: bmcweb-eb1eb78e639414bf0862e4c2fee5ab65c1d2f314.tar.xz
1 files changed, 3 insertions, 1 deletions
diff --git a/include/token_authorization_middleware.hpp b/include/token_authorization_middleware.hpp
index fcc86386fa..2e286e15ca 100644
--- a/include/token_authorization_middleware.hpp
+++ b/include/token_authorization_middleware.hpp
@@ -189,7 +189,9 @@ class Middleware {
   bool isOnWhitelist(const crow::Request& req) const {
     // it's allowed to GET root node without authentica tion
     if ("GET"_method == req.method()) {
-      if (req.url == "/redfish/v1" || req.url == "/redfish/v1/") {
+      if (req.url == "/redfish/v1" || req.url == "/redfish/v1/" ||
+          req.url == "/redfish" || req.url == "/redfish/" ||
+          req.url == "/redfish/v1/odata" || req.url == "/redfish/v1/odata/") {
         return true;
       } else if (crow::webassets::routes.find(std::string(req.url)) !=
                  crow::webassets::routes.end()) {
author	Ed Tanous <ed.tanous@intel.com>	2018-07-25 00:28:08 +0300
committer	Ed Tanous <ed.tanous@intel.com>	2018-08-15 21:57:29 +0300
commit	eb1eb78e639414bf0862e4c2fee5ab65c1d2f314 (patch)
tree	9cbab8eb5ed06c7d13ddf39a57495381a66ba3e9 /include
parent	90ad5ed9ff7463245b6edb3ab6087eb33689ce3c (diff)
download	bmcweb-eb1eb78e639414bf0862e4c2fee5ab65c1d2f314.tar.xz