diff options
author | Ed Tanous <edtanous@google.com> | 2022-03-24 20:25:03 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2022-04-05 21:50:46 +0300 |
commit | fa0b217fc0d4ec246d79055c463c1e7f573fd4c8 (patch) | |
tree | bc62e35b02f4d6e705d8821763fe84c5145707d4 /meson_options.txt | |
parent | 456cd875f3c56b45605d8a017e91d810876a035c (diff) | |
download | bmcweb-fa0b217fc0d4ec246d79055c463c1e7f573fd4c8.tar.xz |
Add new option for query parameters
Query parameters in their initial incarnation will likely have security
consequences. For example, requesting ServiceRoot with expand depth 999
would likely run most BMCs out of memory. This isn't a good reason to
keep those features out of master, as there are a number of services
(webui-vue for example) that would like to test against them, and
identify the weaknesses.
The goal with this option is to allow users to test, so we can determine
things like the max depth we should support, which query params have
security consequences and how to mitigate them, and other testing. The
end goal would be for this option to be enabled by default. If it's
removed entirely would depend on the impacts of supporting query params
and is something we will have to discuss at a later date.
Tested:
Code compiles. Use of this option is added in next patchset in series.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I93ff31c938e4be2d92eb07b59a3288f8bacde2ac
Diffstat (limited to 'meson_options.txt')
-rw-r--r-- | meson_options.txt | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meson_options.txt b/meson_options.txt index 46616585bb..5b4419d0e7 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -44,3 +44,4 @@ option ('insecure-disable-auth', type : 'feature', value : 'disabled', descripti option ('insecure-disable-xss', type : 'feature', value : 'disabled', description : 'Disable XSS preventions') option ('insecure-tftp-update', type : 'feature', value : 'disabled', description : '''Enable TFTP based firmware update transactions through Redfish UpdateService.SimpleUpdate.''') option ('insecure-push-style-notification',type : 'feature', value : 'disabled', description : 'Enable HTTP push style eventing feature') +option ('insecure-enable-redfish-query', type : 'feature', value : 'disabled', description : 'Enables Redfish query parameters. This feature is experimental, and has not been tested against the full limits of user-facing behavior. It is not recommended to enable on production systems at this time.') |