commit da7f41eaa8e20bef9d866c2e95042227249b2528
author Ed Tanous <ed.tanous@intel.com> Mon Dec 10 13:36:40 2018 -0800
committer Ed Tanous <ed.tanous@intel.com> Tue Dec 18 21:09:59 2018 +0000
tree 5077c248de305409d4622bce31c655a948cd4a0e
parent 7517658e75c07ba0ac0e9641fd5976175675f77f

bmcweb Add DELETE to allowed XSS methods

When in cross site scripting mode, delete should be allowed, along with
PATCH, PUT, and POST, to delete values.

Change-Id: If59594b6a01794c843c0290249bd397b9e305a3e
Signed-off-by: Ed Tanous <ed.tanous@intel.com>

include/security_headers_middleware.hpp

diff --git a/include/security_headers_middleware.hpp b/include/security_headers_middleware.hpp
index 4ef864b..872f4aa 100644
--- a/include/security_headers_middleware.hpp
+++ b/include/security_headers_middleware.hpp
@@ -47,7 +47,8 @@
         res.addHeader(bf::access_control_allow_methods, "GET, "
                                                         "POST, "
                                                         "PUT, "
-                                                        "PATCH");
+                                                        "PATCH, "
+                                                        "DELETE");
         res.addHeader(bf::access_control_allow_credentials, "true");
         res.addHeader(bf::access_control_allow_headers, "Origin, "
                                                         "Content-Type, "