Home
last modified time | relevance | path

Searched hist:f6387628d22b525c20a16e4b928ceece0e03c92b (Results 1 – 4 of 4) sorted by relevance

/openbmc/phosphor-webui/app/
H A Dindex.htmldiff f6387628d22b525c20a16e4b928ceece0e03c92b Wed Oct 23 15:41:42 CDT 2019 Ed Tanous <ed.tanous@intel.com> Remove CSP protections from HTML

When I originally wrote CSP into the webui files, I intended to drop it
into the HTML file so it could be removed from bmcweb. Unfortunately,
that plan doesn't fly, as the CSP headers in bmcweb need to remain for
non-html files.

This normally wouldn't matter, but a number of people utilize
BMCWEB_INSECURE_DISABLE_XSS_PREVENTION to run the webui locally and
debug a new webui patch from a working BMC. This causes the CSP headers
to conflict, and the browser to fail with a CSP error on connect-src
when debugging locally.

Removing the CSP section entirely from the webui resolves this, and
doesn't change functionality at all, as it's still covered in bmcweb.

Tested: Will verify on a real platform.

Verified that building the webui locally with the above bmcweb flag
allows the webui to launch correctly.

Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I60e5011361ec3ce1930249a20cf34480beb48a7f
/openbmc/phosphor-webui/
H A Dwebpack.config.jsdiff f6387628d22b525c20a16e4b928ceece0e03c92b Wed Oct 23 15:41:42 CDT 2019 Ed Tanous <ed.tanous@intel.com> Remove CSP protections from HTML

When I originally wrote CSP into the webui files, I intended to drop it
into the HTML file so it could be removed from bmcweb. Unfortunately,
that plan doesn't fly, as the CSP headers in bmcweb need to remain for
non-html files.

This normally wouldn't matter, but a number of people utilize
BMCWEB_INSECURE_DISABLE_XSS_PREVENTION to run the webui locally and
debug a new webui patch from a working BMC. This causes the CSP headers
to conflict, and the browser to fail with a CSP error on connect-src
when debugging locally.

Removing the CSP section entirely from the webui resolves this, and
doesn't change functionality at all, as it's still covered in bmcweb.

Tested: Will verify on a real platform.

Verified that building the webui locally with the above bmcweb flag
allows the webui to launch correctly.

Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I60e5011361ec3ce1930249a20cf34480beb48a7f
H A Dpackage-lock.jsondiff f6387628d22b525c20a16e4b928ceece0e03c92b Wed Oct 23 15:41:42 CDT 2019 Ed Tanous <ed.tanous@intel.com> Remove CSP protections from HTML

When I originally wrote CSP into the webui files, I intended to drop it
into the HTML file so it could be removed from bmcweb. Unfortunately,
that plan doesn't fly, as the CSP headers in bmcweb need to remain for
non-html files.

This normally wouldn't matter, but a number of people utilize
BMCWEB_INSECURE_DISABLE_XSS_PREVENTION to run the webui locally and
debug a new webui patch from a working BMC. This causes the CSP headers
to conflict, and the browser to fail with a CSP error on connect-src
when debugging locally.

Removing the CSP section entirely from the webui resolves this, and
doesn't change functionality at all, as it's still covered in bmcweb.

Tested: Will verify on a real platform.

Verified that building the webui locally with the above bmcweb flag
allows the webui to launch correctly.

Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I60e5011361ec3ce1930249a20cf34480beb48a7f
H A Dpackage.jsondiff f6387628d22b525c20a16e4b928ceece0e03c92b Wed Oct 23 15:41:42 CDT 2019 Ed Tanous <ed.tanous@intel.com> Remove CSP protections from HTML

When I originally wrote CSP into the webui files, I intended to drop it
into the HTML file so it could be removed from bmcweb. Unfortunately,
that plan doesn't fly, as the CSP headers in bmcweb need to remain for
non-html files.

This normally wouldn't matter, but a number of people utilize
BMCWEB_INSECURE_DISABLE_XSS_PREVENTION to run the webui locally and
debug a new webui patch from a working BMC. This causes the CSP headers
to conflict, and the browser to fail with a CSP error on connect-src
when debugging locally.

Removing the CSP section entirely from the webui resolves this, and
doesn't change functionality at all, as it's still covered in bmcweb.

Tested: Will verify on a real platform.

Verified that building the webui locally with the above bmcweb flag
allows the webui to launch correctly.

Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I60e5011361ec3ce1930249a20cf34480beb48a7f