Revert "Fix websocket csrf checking"

This reverts commit e628df8658c57f6943b6d3612e1077618e5a168a.

This appears to cause problems with non-cookie login of the console
websocket.  This appears to be a gap in both our testing, and things
that we have scripting to do, but clearly it's a change in behavior, so
if we want to change the behavior, we should do it intentionally, and
clearly, ideally with a path to make clients work, or an explicit
documentation that the webui is the only supported client.

Change-Id: I334257e1355a5b8431cb7ecfe58ef8a942f4981c
Signed-off-by: Ed Tanous <edtanous@google.com>
diff --git a/http/websocket.hpp b/http/websocket.hpp
index 0faa8c6..434a0c1 100644
--- a/http/websocket.hpp
+++ b/http/websocket.hpp
@@ -100,7 +100,8 @@
             if (session != nullptr)
             {
                 // use protocol for csrf checking
-                if (!crow::utility::constantTimeStringCompare(
+                if (session->cookieAuth &&
+                    !crow::utility::constantTimeStringCompare(
                         protocol, session->csrfToken))
                 {
                     BMCWEB_LOG_ERROR << "Websocket CSRF error";