Update whitelist As part of the redfish spec, both /redfish and /redfish/v1/odata need to be allowed without credentials. This adds them to the whitelist, and improves our compliance with the specification. Change-Id: I89d7c20ed497b77cdea83560087c9085747872bf Signed-off-by: Ed Tanous <ed.tanous@intel.com>

commit: eb1eb78e639414bf0862e4c2fee5ab65c1d2f314 [log] [tgz]
author: Ed Tanous <ed.tanous@intel.com> Tue Jul 24 14:28:08 2018 -0700
committer: Ed Tanous <ed.tanous@intel.com> Wed Aug 15 18:57:29 2018 +0000
tree: 9cbab8eb5ed06c7d13ddf39a57495381a66ba3e9
parent: 90ad5ed9ff7463245b6edb3ab6087eb33689ce3c [diff]
diff --git a/include/token_authorization_middleware.hpp b/include/token_authorization_middleware.hpp
index fcc8638..2e286e1 100644
--- a/include/token_authorization_middleware.hpp
+++ b/include/token_authorization_middleware.hpp

@@ -189,7 +189,9 @@
   bool isOnWhitelist(const crow::Request& req) const {
     // it's allowed to GET root node without authentica tion
     if ("GET"_method == req.method()) {
-      if (req.url == "/redfish/v1" || req.url == "/redfish/v1/") {
+      if (req.url == "/redfish/v1" || req.url == "/redfish/v1/" ||
+          req.url == "/redfish" || req.url == "/redfish/" ||
+          req.url == "/redfish/v1/odata" || req.url == "/redfish/v1/odata/") {
         return true;
       } else if (crow::webassets::routes.find(std::string(req.url)) !=
                  crow::webassets::routes.end()) {
commit	eb1eb78e639414bf0862e4c2fee5ab65c1d2f314	[log] [tgz]
author	Ed Tanous <ed.tanous@intel.com>	Tue Jul 24 14:28:08 2018 -0700
committer	Ed Tanous <ed.tanous@intel.com>	Wed Aug 15 18:57:29 2018 +0000
tree	9cbab8eb5ed06c7d13ddf39a57495381a66ba3e9
parent	90ad5ed9ff7463245b6edb3ab6087eb33689ce3c [diff]