Include bmcweb XSS disable in README If bmcweb is hosting the webui then XSS needs to be disabled to connect a local webui instance to the BMC. Change-Id: I538f657eed65939021120baa71c63728f2e6a828 Signed-off-by: Andrew Geissler <geissonator@yahoo.com>

commit: 3d3e326692f7a81b47ad53b655ca74839eda2e54 [log] [tgz]
author: Andrew Geissler <geissonator@yahoo.com> Mon Oct 15 16:46:54 2018 -0400
committer: Andrew Geissler <geissonator@yahoo.com> Mon Oct 15 16:46:54 2018 -0400
tree: 0b4b05116f024db9aef66537cfbe38b0b45cacee
parent: 628ba8b33d4b02f19626a1f61e8fa2f067e35e2f [diff]
diff --git a/README.md b/README.md
index f176529..01cd4d4 100644
--- a/README.md
+++ b/README.md

@@ -30,3 +30,8 @@
 ## Logging in
 Enter the BMC Host or BMC IP address, username, and password.
 The default username and password are `root`/`0penBmc`.
+
+**Note** that some OpenBMC implementations use [bmcweb](https://github.com/openbmc/bmcweb)
+for its backend. For security reasons, bmcweb will need to be recompiled and
+loaded onto the target BMC Host before the above redirect command will work. The
+option to turn on within bmcweb is `BMCWEB_INSECURE_DISABLE_XSS_PREVENTION`.
commit	3d3e326692f7a81b47ad53b655ca74839eda2e54	[log] [tgz]
author	Andrew Geissler <geissonator@yahoo.com>	Mon Oct 15 16:46:54 2018 -0400
committer	Andrew Geissler <geissonator@yahoo.com>	Mon Oct 15 16:46:54 2018 -0400
tree	0b4b05116f024db9aef66537cfbe38b0b45cacee
parent	628ba8b33d4b02f19626a1f61e8fa2f067e35e2f [diff]