#
102a4cda |
| 15-Apr-2024 |
Jonathan Doman <jonathan.doman@intel.com> |
Manage Request with shared_ptr
This is an attempt to solve a class of use-after-move bugs on the Request objects which have popped up several times. This more clearly identifies code which owns the Request objects and has a need to keep it alive. Currently it's just the `Connection` (or `HTTP2Connection`) (which needs to access Request headers while sending the response), and the `validatePrivilege()` function (which needs to temporarily own the Request while doing an asynchronous D-Bus call). Route handlers are provided a non-owning `Request&` for immediate use and required to not hold the `Request&` for future use.
Tested: Redfish validator passes (with a few unrelated fails). Redfish URLs are sent to a browser as HTML instead of raw JSON.
Change-Id: Id581fda90b6bceddd08a5dc7ff0a04b91e7394bf Signed-off-by: Jonathan Doman <jonathan.doman@intel.com> Signed-off-by: Ed Tanous <ed@tanous.net>
|
#
c056aa7a |
| 14-Apr-2024 |
Ed Tanous <ed@tanous.net> |
Implement a Content-Security-Policy TODO
This TODO has been in bmcweb for a very long time. Implement it.
W3 sets rules for what security policies apply to which content types[1]. Reading through this, essentially CSP should only apply to HTML files.
Tested: Unit tests pass. Webui loads properly. Chrome network window shows headers as expected.
[1] https://www.w3.org/TR/CSP2/#which-policy-applies
Change-Id: I5467d0373832668763c72a66da2a8872e07bfb58 Signed-off-by: Ed Tanous <ed@tanous.net>
|
#
f0b59af4 |
| 20-Mar-2024 |
Ed Tanous <ed@tanous.net> |
Add misc-include-cleaner
And fix the includes that are wrong.
Note, there is a very large ignore list included in the .clang-tidy config file. These are things that clang-tidy doesn't yet handle well, like knowing about a details include.
Change-Id: Ie3744f2c8cba68a8700b406449d6c2018a736952 Signed-off-by: Ed Tanous <ed@tanous.net>
|
#
998e0cbd |
| 06-Sep-2023 |
Ed Tanous <edtanous@google.com> |
Fix missing date
At some point, the date got removed from http1 requests. HTTP2 does not show this issue, but this showed up in unit tests (which is why the prior commit is adding unit tests).
The Date Header is useful for synchronizing things like Cache-Control-Policy, with the actual server time, instead of the local system time.
Tested: Unit tests pass.
Change-Id: I8f105f0cbb6c816c5ec6b14cbeae587d728a20d2 Signed-off-by: Ed Tanous <edtanous@google.com>
|
#
4fa45dff |
| 01-Sep-2023 |
Ed Tanous <edtanous@google.com> |
Unit test Connection
Boost asio provides a test stream object that we can use to begin unit testing the connection object. This patchset uses it to re-enable some simple http1.1 tests. There are some features that have snuck into the connection class that aren't compatible with a stream (like IP address getting), so unfortunately we do need the connection class to be aware if it's in test mode, but that tradeoff seems worthwhile.
Tested: Unit tests pass.
Change-Id: Id8b1f8866582b58502dbafe6139f841bf64b8ef3 Signed-off-by: Ed Tanous <edtanous@google.com>
|