commit 3eb2f35f28249b9b5dc2159a44ca75a0fa7677a5
author Ed Tanous <ed.tanous@intel.com> Thu Dec 20 12:30:45 2018 -0800
committer Ed Tanous <ed.tanous@intel.com> Thu Feb 21 01:45:55 2019 +0000
tree fdd26d7d50088bdef022f1d58de8e38458ef6552
parent 2f1ebcd18ca79f4bf19a0924a0b26a8436f24f6c

Implement KVM websocket proxy in bmcweb

This patchset implements a KVM websocket proxy designed to interoperate
with phosphor-webui and KVM.  in short, IP address 127.0.0.1:5900 is
proxied to the websocket.  This allows someone to connect from a browser
session.

Requires patchset here for the phosphor-webui side:
https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-webui/+/10268/
and requires the kvm patches here:
https://gerrit.openbmc-project.xyz/#/c/openbmc/meta-phosphor/+/13536/

Tested By:
Launched webui, observed KVM.  Moved mouse, and typed on keyboard,
changes appeared on host system.

Change-Id: I407488f4b16be208b188a0abc19954a0243af173
Signed-off-by: Ed Tanous <ed.tanous@intel.com>

include/security_headers_middleware.hpp

diff --git a/include/security_headers_middleware.hpp b/include/security_headers_middleware.hpp
index 5e8e7d9..1ebc43c 100644
--- a/include/security_headers_middleware.hpp
+++ b/include/security_headers_middleware.hpp
@@ -36,7 +36,12 @@
 
         res.addHeader(bf::pragma, "no-cache");
         res.addHeader(bf::cache_control, "no-Store,no-Cache");
-        res.addHeader("Content-Security-Policy", "default-src 'self'");
+
+        // The KVM currently needs to load images from base64 encoded strings.
+        // img-src 'self' data: is used to allow that.
+        // https://stackoverflow.com/questions/18447970/content-security-policy-data-not-working-for-base64-images-in-chrome-28
+        res.addHeader("Content-Security-Policy",
+                      "default-src 'self'; img-src 'self' data:");
         res.addHeader("X-XSS-Protection", "1; "
                                           "mode=block");
         res.addHeader("X-Content-Type-Options", "nosniff");