Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-webui / c3f5e3181d8753c8741ccde0578dfea041e3afb2^! / .
commitc3f5e3181d8753c8741ccde0578dfea041e3afb2[log] [tgz]
authorJames Feist <james.feist@linux.intel.com>Tue Apr 07 15:19:59 2020 -0700
committerJames Feist <james.feist@linux.intel.com>Mon Apr 13 20:21:36 2020 +0000
tree97a8f22a86999ca349e7018cf59a9279f44226fb
parent09081ec7f06491150e90838a4bec53004358db51 [diff]
Add XSRF token into websocket request

Add XSRF token so we can implement CRSF checking
on websockets.

Tested: Saw it in bmcweb logs

Change-Id: Ie9479508bc69fad631f66fb282133ad18d025300
Signed-off-by: James Feist <james.feist@linux.intel.com>

diff --git a/app/server-control/directives/kvm-console.js b/app/server-control/directives/kvm-console.js
index 913990d..f00d802 100644
--- a/app/server-control/directives/kvm-console.js
+++ b/app/server-control/directives/kvm-console.js

@@ -12,7 +12,7 @@
   'use strict';
 
   angular.module('app.serverControl').directive('kvmConsole', [
-    '$log', '$location',
+    '$log', '$cookies', '$location',
     function($log, $location) {
       return {
         restrict: 'E', template: require('./kvm-console.html'),
@@ -42,9 +42,10 @@
               var port = $location.port();
               var target = element[0].firstElementChild;
               try {
+                var token = $cookies.get('XSRF-TOKEN');
                 rfb = new RFB(
-                    target, 'wss://' + host + ':' + port + '/kvm/0', {});
-
+                    target, 'wss://' + host + '/kvm/0',
+                    {'wsProtocols': [token]});
                 rfb.addEventListener('connect', connected);
                 rfb.addEventListener('disconnect', disconnected);
               } catch (exc) {

diff --git a/package-lock.json b/package-lock.json
index dc61960..f7f83ae 100644
--- a/package-lock.json
+++ b/package-lock.json

@@ -894,9 +894,7 @@
       }
     },
     "@novnc/novnc": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/@novnc/novnc/-/novnc-1.1.0.tgz",
-      "integrity": "sha512-W90Q79EuCYT++39aT/VKGyk7hUt2gPN3rN+ifPUvY4rdjgZlfwdCg9q7yzj04hke/zgdHsbXFfyFijBvrRuU5A=="
+      "version": "git+https://github.com/novnc/noVNC.git#25b3d49d322b0a7c9ee1e071d93042d70f5176b7"
     },
     "@types/events": {
       "version": "3.0.0",

diff --git a/package.json b/package.json
index 2ce8991..8d8f170 100644
--- a/package.json
+++ b/package.json

@@ -24,7 +24,8 @@
     "Iftekharul Islam <iffy.ryan@ibm.com>",
     "Michael Davis <michael.s.davis@ibm.com>",
     "Ed Tanous <ed.tanous@intel.com>",
-    "Gunnar Mills <gmills@us.ibm.com>"
+    "Gunnar Mills <gmills@us.ibm.com>",
+    "James Feist <james.feist@linux.intel.com>"
   ],
   "files": [
     "dist"
@@ -34,7 +35,7 @@
     "node"
   ],
   "dependencies": {
-    "@novnc/novnc": "1.1.0",
+    "@novnc/novnc": "git+https://github.com/novnc/noVNC.git#25b3d49d322b0a7c9ee1e071d93042d70f5176b7",
     "angular": "1.7.9",
     "angular-animate": "1.7.8",
     "angular-clipboard": "1.7.0",