Searched hist:"994 fd86a3f6649a820f66313765e85e762ad105a" (Results 1 – 4 of 4) sorted by relevance
| /openbmc/bmcweb/test/redfish-core/include/ |
| H A D | redfish_aggregator_test.cpp | diff 994fd86a3f6649a820f66313765e85e762ad105a Tue Jun 06 15:37:03 CDT 2023 Ed Tanous <edtanous@google.com> Fix hack on Set-Cookie
This is one that I couldn't figure out for a while. Turns out that
fields has both a set() and an insert() method. Whereas set() replaces,
insert() appends, which is what we want in this case.
This allows us to call the actual methods several times, instead of
essentially string injecting our own code, which should make it clearer.
At the same time, there was one unit test that was structured such that
it was using addHeader to clear a header, so this commit adds an
explicit "clearHeader()" method, so we can be explicit.
Tested:
Logging into the webui in chrome (which uses POST /login) shows:
401 with no cookie header if the incorrect password is used
200 with 2 Set-Cookie headers set:
Set-Cookie:
SESSION=<session tag>; SameSite=Strict; Secure; HttpOnly
Set-Cookie:
XSRF-TOKEN=<token tag>; SameSite=Strict; Secure
Change-Id: I9b87a48ea6ba892fc08e66940563dea86edb9a65
Signed-off-by: Ed Tanous <edtanous@google.com>
|
| /openbmc/bmcweb/include/ |
| H A D | authentication.hpp | diff 994fd86a3f6649a820f66313765e85e762ad105a Tue Jun 06 15:37:03 CDT 2023 Ed Tanous <edtanous@google.com> Fix hack on Set-Cookie
This is one that I couldn't figure out for a while. Turns out that
fields has both a set() and an insert() method. Whereas set() replaces,
insert() appends, which is what we want in this case.
This allows us to call the actual methods several times, instead of
essentially string injecting our own code, which should make it clearer.
At the same time, there was one unit test that was structured such that
it was using addHeader to clear a header, so this commit adds an
explicit "clearHeader()" method, so we can be explicit.
Tested:
Logging into the webui in chrome (which uses POST /login) shows:
401 with no cookie header if the incorrect password is used
200 with 2 Set-Cookie headers set:
Set-Cookie:
SESSION=<session tag>; SameSite=Strict; Secure; HttpOnly
Set-Cookie:
XSRF-TOKEN=<token tag>; SameSite=Strict; Secure
Change-Id: I9b87a48ea6ba892fc08e66940563dea86edb9a65
Signed-off-by: Ed Tanous <edtanous@google.com>
|
| H A D | login_routes.hpp | diff 994fd86a3f6649a820f66313765e85e762ad105a Tue Jun 06 15:37:03 CDT 2023 Ed Tanous <edtanous@google.com> Fix hack on Set-Cookie
This is one that I couldn't figure out for a while. Turns out that
fields has both a set() and an insert() method. Whereas set() replaces,
insert() appends, which is what we want in this case.
This allows us to call the actual methods several times, instead of
essentially string injecting our own code, which should make it clearer.
At the same time, there was one unit test that was structured such that
it was using addHeader to clear a header, so this commit adds an
explicit "clearHeader()" method, so we can be explicit.
Tested:
Logging into the webui in chrome (which uses POST /login) shows:
401 with no cookie header if the incorrect password is used
200 with 2 Set-Cookie headers set:
Set-Cookie:
SESSION=<session tag>; SameSite=Strict; Secure; HttpOnly
Set-Cookie:
XSRF-TOKEN=<token tag>; SameSite=Strict; Secure
Change-Id: I9b87a48ea6ba892fc08e66940563dea86edb9a65
Signed-off-by: Ed Tanous <edtanous@google.com>
|
| /openbmc/bmcweb/http/ |
| H A D | http_response.hpp | diff 994fd86a3f6649a820f66313765e85e762ad105a Tue Jun 06 15:37:03 CDT 2023 Ed Tanous <edtanous@google.com> Fix hack on Set-Cookie
This is one that I couldn't figure out for a while. Turns out that
fields has both a set() and an insert() method. Whereas set() replaces,
insert() appends, which is what we want in this case.
This allows us to call the actual methods several times, instead of
essentially string injecting our own code, which should make it clearer.
At the same time, there was one unit test that was structured such that
it was using addHeader to clear a header, so this commit adds an
explicit "clearHeader()" method, so we can be explicit.
Tested:
Logging into the webui in chrome (which uses POST /login) shows:
401 with no cookie header if the incorrect password is used
200 with 2 Set-Cookie headers set:
Set-Cookie:
SESSION=<session tag>; SameSite=Strict; Secure; HttpOnly
Set-Cookie:
XSRF-TOKEN=<token tag>; SameSite=Strict; Secure
Change-Id: I9b87a48ea6ba892fc08e66940563dea86edb9a65
Signed-off-by: Ed Tanous <edtanous@google.com>
|