Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-webui / a8c7347a0b32ed622219d02817ee3a6e1deb67e8^! / .
commita8c7347a0b32ed622219d02817ee3a6e1deb67e8[log] [tgz]
authorDerick Montague <derick.montague@ibm.com>Mon Jul 01 12:07:55 2019 -0500
committerGunnar Mills <gmills@us.ibm.com>Tue Aug 27 16:32:27 2019 +0000
treecff3373564e587fb6e5a4ca1afe751d0aa6bfa1b
parentbb688795ded24cd07c46de598170af41fb3bfd56 [diff]
Update README to indicate how to disable CSRF from BMCWEB

If a user needs to test when running locally, there are
two options that need to be turned on from BMC web. This
update adds the CSRF option to the documentation.

Signed-off-by: Derick Montague <derick.montague@ibm.com>
Change-Id: I2473a0654678397ab84b90c647aaf4c256247ed8

diff --git a/README.md b/README.md
index 2b9b3b8..ad11767 100644
--- a/README.md
+++ b/README.md

@@ -1,17 +1,20 @@
 # OpenBMC Web User Interface
+
 The OpenBMC WebUI is a Web-based user interface for the OpenBMC
 firmware stack. The WebUI uses AngularJS. Features include:
-* View system overview data such as model information and serial number
-* View and manage event logs
-* View inventory data
-* View sensor data
-* Power On/Off server operations
-* Reboot BMC
-* Manage and update BMC and Host firmware
-* IPv4 network settings
-* SoL console
+
+- View system overview data such as model information and serial number
+- View and manage event logs
+- View inventory data
+- View sensor data
+- Power On/Off server operations
+- Reboot BMC
+- Manage and update BMC and Host firmware
+- IPv4 network settings
+- SoL console
 
 ## Requirements
+
 nodejs (>= 4.2.6)
 npm (>= 6.0.1)
 
@@ -22,11 +25,13 @@
 https://docs.npmjs.com/troubleshooting/try-the-latest-stable-version-of-npm
 
 ## Installation
+
 `npm install`
 
 **Note** This must be run from within the phosphor-webui git repository.
 
 ## Running locally
+
 `npm run-script server`
 
 This will start a server instance and begin listening for connections at
@@ -36,10 +41,12 @@
 might be required to prevent your browser from blocking traffic to the BMC.
 
 ## Logging in
+
 Enter the BMC Host or BMC IP address, username, and password.
 The default username and password are `root`/`0penBmc`.
 
 **Note** that some OpenBMC implementations use [bmcweb](https://github.com/openbmc/bmcweb)
 for its backend. For security reasons, bmcweb will need to be recompiled and
 loaded onto the target BMC Host before the above redirect command will work. The
-option to turn on within bmcweb is `BMCWEB_INSECURE_DISABLE_XSS_PREVENTION`.
+option to turn on within bmcweb is `BMCWEB_INSECURE_DISABLE_XSS_PREVENTION`. In
+order to test locally, you will also need to disable CSRF by turning on `BMCWEB_INSECURE_DISABLE_CSRF_PREVENTION`.