diff options
| author | Ed Tanous <ed@tanous.net> | 2024-04-22 22:41:06 +0300 |
|---|---|---|
| committer | Ed Tanous <ed@tanous.net> | 2024-04-23 18:04:43 +0300 |
| commit | 788fe74859b1fa491053d1fcd8bb32f42e7898b6 (patch) | |
| tree | a0f4db776dc71a461ab1adcdee8723e27c451e61 /src | |
| parent | c056aa7aa2438d16b1a3f1db20e6aac2694ca455 (diff) | |
| download | bmcweb-788fe74859b1fa491053d1fcd8bb32f42e7898b6.tar.xz | |
Remove XSS prevention code
This feature was created for a time before webpack had a built in proxy,
and to debug the UI required setting specific flags. The webpack proxy
solves this problem in a much better way, by proxying everything.
This commit is one piece in the solving a use after free bug. Removing
this allows us to no longer have to cache the origin header [1], which
is only used in this mode.
Tested: Code compiles.
[1] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/70850
Change-Id: I01d67006e217c0c9fd2db7526c0ec34b0da068f3
Signed-off-by: Ed Tanous <ed@tanous.net>
Diffstat (limited to 'src')
| -rw-r--r-- | src/webserver_run.cpp | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/src/webserver_run.cpp b/src/webserver_run.cpp index bb037232aa..f02ead96b9 100644 --- a/src/webserver_run.cpp +++ b/src/webserver_run.cpp @@ -3,7 +3,6 @@ #include "bmcweb_config.h" #include "app.hpp" -#include "cors_preflight.hpp" #include "dbus_monitor.hpp" #include "dbus_singleton.hpp" #include "event_service_manager.hpp" @@ -81,11 +80,6 @@ int run() crow::google_api::requestRoutes(app); #endif - if (bmcwebInsecureDisableXssPrevention != 0) - { - cors_preflight::requestRoutes(app); - } - crow::login_routes::requestRoutes(app); #ifdef BMCWEB_ENABLE_VM_NBDPROXY |