From f8aa3d2704d3897eb724dab9ac596af8b1f0e33e Mon Sep 17 00:00:00 2001
From: James Feist
Date: Wed, 8 Apr 2020 18:32:33 -0700
Subject: Add CSRF check into websockets

This adds CSRF check into websockets to avoid attacks on websockets.
Tested: Could no longer use crosssite scripting to open websocket. KVM and SOL still work once web-ui changes are updated
Change-Id: I325079ae3d4db2701671564dff733e034d2670d6
Signed-off-by: James Feist
---
 include/sessions.hpp | 1 +
 1 file changed, 1 insertion(+)
(limited to 'include/sessions.hpp')
diff --git a/include/sessions.hpp b/include/sessions.hpp
index 4144705776..8ff903a439 100644
--- a/include/sessions.hpp
+++ b/include/sessions.hpp
@@ -39,6 +39,7 @@ struct UserSession
 std::string csrfToken;
 std::chrono::time_point lastUpdated;
 PersistenceType persistence;
+ bool cookieAuth = false;
 /**
 * @brief Fills object with data from UserSession's JSON representation
--
cgit v1.2.3
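Review bot: `cookieAuth` is added without a comment and defaults to `false`, which is the fail-open value if the websocket CSRF check described in the commit message is gated on this flag. The hunk does not show where the flag is set, nor whether the JSON load documented just below it restores the field, so a session rebuilt from persisted data would presumably come back with `cookieAuth == false`; confirm that every cookie-authenticated path sets it before the websocket handshake is accepted. I would state the invariant on the field itself, e.g. `// True when the request was authenticated via session cookie; such requests must also present csrfToken.` The struct and the function under the doc comment both continue outside the hunk.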