Store Request Fields that are needed later
Because of recent changes to how dbus authentication is done, Requests
might be moved out before they can be used. This commit is an attempt
to mitigate the problem without needing to revert that patch.
This commit does two relatively distinct things.
First, it moves basic auth types to a model where they're timed out
instead of removed on destruction. This removes the need for a Request
object to track that state, and arguably gives better behavior, as
basic auth sessions will survive through the timeout.
To prevent lots of basic auth sessions getting created, a basic auth
session is reused if it was:
1. Created by basic auth previously.
2. Created by the same user.
3. Created from the same source IP address.
Second, both connection classes now store the accept, and origin headers
from the request in the connection class itself, removing the need for
them.
Tested: HTML page now loads when pointing at a redfish URL with a
browser.
Change-Id: I623b43cbcbb43d9e65b408853660be09a5edb2b3
Signed-off-by: Ed Tanous <ed@tanous.net>
diff --git a/include/security_headers.hpp b/include/security_headers.hpp
index 2a2eb40..3206acc16 100644
--- a/include/security_headers.hpp
+++ b/include/security_headers.hpp
@@ -5,8 +5,7 @@
#include "http_request.hpp"
#include "http_response.hpp"
-inline void addSecurityHeaders(const crow::Request& req [[maybe_unused]],
- crow::Response& res)
+inline void addSecurityHeaders(crow::Response& res)
{
using bf = boost::beast::http::field;