redfish: service_root: security: fix security headers requirement for Level2 Directives
Symptom:
"Login And Verify HTTP Response Header" test item got failed.
Root cause:
Due to bmcweb add "Content-Security-Policy(CSP)" to Level2 Directives.
However, the headers requriement didn't sync to Level2 Directives from bmcweb.
Solution:
Modify "Content-Security-Policy" of header_requirements for Level2 Directives.
Tested:
robot -t Login_And_Verify_HTTP_Response_Header redfish/service_root/test_service_root_security.robot
Test Service Root Security :: Test Redfish service root login secu... | PASS |
1 test, 1 passed, 0 failed
Signed-off-by: Tim Lee <timlee660101@gmail.com>
Change-Id: I3a983ac72db1915401f4793ea3c7897bb5e8f0dd
diff --git a/redfish/service_root/test_service_root_security.robot b/redfish/service_root/test_service_root_security.robot
index 35e24b2..4640ecf 100644
--- a/redfish/service_root/test_service_root_security.robot
+++ b/redfish/service_root/test_service_root_security.robot
@@ -16,7 +16,7 @@
... X-Frame-Options=DENY
... Pragma=no-cache
... Cache-Control=no-Store,no-Cache
-... Content-Security-Policy=default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:
+... Content-Security-Policy=default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; plugin-types 'none'; base-uri 'none'
... X-XSS-Protection=1; mode=block
... X-Content-Type-Options=nosniff