commit | 09e7afdc5aad573dbdb21b523893f2ac02477686 | [log] [tgz] |
---|---|---|
author | Basheer Ahmed Muddebihal <basheerx.muddebihal@intel.com> | Wed Mar 17 00:55:57 2021 -0700 |
committer | Ed Tanous <ed@tanous.net> | Wed Apr 14 17:13:20 2021 +0000 |
tree | fabe119c5fd0d853d08944baaa4fb69e0e128259 | |
parent | 4642bf8f9dd78ec2990f7cd027d0efd3114e9e6d [diff] |
Add Content-Security-Policy(CSP) Level2 Directives

Content Security Policy Level2 directives as below,

- form-action set to 'none' - No form-submissions to external websites.
- frame-ancestors set to 'none' - Preventing framing attacks (clickjacking, cross-site leaks)
- plugin-types set to 'none' - Plugins are not allowed
- base-uri set to 'none' - protect against classical stored, reflected, and some of the DOM XSS attacks.

More Information
<https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html>

Tested: Checked the CSP level directives in Chrome/Firefox/Safari Browsers, webui and webui-vue.

Change-Id: Id823958469fdbb02259fcc24c4e91789c65eec33
Signed-off-by: Basheer Ahmed Muddebihal <basheerx.muddebihal@intel.com>
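A way to confirm that a response carries the four directives listed in the commit message above, written here as an added example and not taken from bmcweb's source. The function names and the sample header are constructed for illustration; the check assumes each directive must carry the single source `'none'`.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

using Policy = std::map<std::string, std::vector<std::string>>;

// Split a Content-Security-Policy header value into directive -> sources.
// Directive names are case-insensitive, and a repeated directive is ignored
// by browsers, so only the first occurrence is kept.
Policy parseCsp(const std::string& header) {
    Policy policy;
    std::istringstream segments(header);
    for (std::string segment; std::getline(segments, segment, ';');) {
        std::istringstream tokens(segment);
        std::string name;
        if (!(tokens >> name)) continue;  // empty segment (trailing ';')
        std::transform(name.begin(), name.end(), name.begin(),
            [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
        std::vector<std::string> sources;
        for (std::string s; tokens >> s;) sources.push_back(s);
        policy.emplace(name, sources);  // emplace does not overwrite
    }
    return policy;
}

// Directives named in the commit message that are absent from the header
// or carry anything other than the single source 'none'.
std::vector<std::string> notLockedDown(const std::string& header) {
    const Policy policy = parseCsp(header);
    const std::vector<std::string> onlyNone{"'none'"};
    std::vector<std::string> bad;
    for (const char* name :
         {"form-action", "frame-ancestors", "plugin-types", "base-uri"}) {
        auto it = policy.find(name);
        if (it == policy.end() || it->second != onlyNone) bad.emplace_back(name);
    }
    return bad;
}

// Constructed sample header, not copied from bmcweb's source.
const std::string kSampleHeader =
    "default-src 'none'; form-action 'none'; frame-ancestors 'none'; "
    "plugin-types 'none'; base-uri 'none'";

int main() {
    for (const auto& d : notLockedDown(kSampleHeader)) std::cout << d << '\n';
}
```

An empty result means all four directives are present and set to `'none'`; any name returned points at a directive that is missing, widened with extra sources, or shadowed by an earlier duplicate.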
This component attempts to be a "do everything" embedded webserver for OpenBMC.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting `-D` flags that correspond to options in `bmcweb/meson_options.txt` and then compiling. For example, `meson <builddir> -Dkvm=disabled ...` followed by `ninja` in build directory. The option names become C++ preprocessor symbols that control which code is compiled into the program.
```
meson builddir
ninja -C builddir
```

```
meson builddir -Dbuildtype=minsize -Db_lto=true -Dtests=disabled
ninja -C builddir
```
If any of the dependencies are not found on the host system during configuration, meson automatically gets them via its wrap dependencies mentioned in `bmcweb/subprojects`.
```
meson builddir -Dwrap_mode=nofallback
ninja -C builddir
```

```
meson builddir -Db_coverage=true -Dtests=enabled
ninja coverage -C builddir test
```
When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-signed certificate before launching the server. The keys are generated by the `secp384r1` algorithm. The certificate `C=US, O=OpenBMC, CN=testhost`, `SHA-256` algorithm.