From eb1eb78e639414bf0862e4c2fee5ab65c1d2f314 Mon Sep 17 00:00:00 2001
From: Ed Tanous
Date: Tue, 24 Jul 2018 14:28:08 -0700
Subject: Update whitelist As part of the redfish spec, both /redfish and /redfish/v1/odata need to be allowed without credentials. This adds them to the whitelist, and improves our compliance with the specification.
Change-Id: I89d7c20ed497b77cdea83560087c9085747872bf
Signed-off-by: Ed Tanous
---
 include/token_authorization_middleware.hpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'include')
diff --git a/include/token_authorization_middleware.hpp b/include/token_authorization_middleware.hpp
index fcc86386fa..2e286e15ca 100644
--- a/include/token_authorization_middleware.hpp
+++ b/include/token_authorization_middleware.hpp
@@ -189,7 +189,9 @@ class Middleware {
 bool isOnWhitelist(const crow::Request& req) const {
 // it's allowed to GET root node without authentica tion
 if ("GET"_method == req.method()) {
- if (req.url == "/redfish/v1" || req.url == "/redfish/v1/") {
+ if (req.url == "/redfish/v1" || req.url == "/redfish/v1/" ||
+ req.url == "/redfish" || req.url == "/redfish/" ||
+ req.url == "/redfish/v1/odata" || req.url == "/redfish/v1/odata/") {
 return true;
 } else if (crow::webassets::routes.find(std::string(req.url)) !=
 crow::webassets::routes.end()) {
--
cgit v1.2.3
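Review bot: The comment above the `if` still says only the root node may be fetched without authentication, but the condition now also exempts `/redfish` and `/redfish/v1/odata`, so the set of unauthenticated URLs is no longer documented at the point where it is enforced. I would replace it with something like `// Redfish requires the version object, the service root and the OData service document to be readable without credentials; every other URL must authenticate`. Because each entry here bypasses authentication, the comparisons should stay exact-match as written rather than ever becoming a prefix test, and it is worth confirming that the handlers behind the two new URLs return only static service metadata. As the with/without-trailing-slash pairs accumulate, a small constant table of exempt paths would make each future addition a single reviewable line. `isOnWhitelist` continues past the end of the hunk, so the rest of the allow-list is not visible here.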