Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-webui / f6387628d22b525c20a16e4b928ceece0e03c92b
commitf6387628d22b525c20a16e4b928ceece0e03c92b[log] [tgz]
authorEd Tanous <ed.tanous@intel.com>Wed Oct 23 13:41:42 2019 -0700
committerEd Tanous <ed.tanous@intel.com>Wed Oct 23 13:41:42 2019 -0700
tree91546d2b003d5a9fecd7e0295399d57beb6468a4
parent5e930c0aeb5b66df2c357be4d5c33d4828c2783f [diff]
Remove CSP protections from HTML

When I originally wrote CSP into the webui files, I intended to drop it
into the HTML file so it could be removed from bmcweb.  Unfortunately,
that plan doesn't fly, as the CSP headers in bmcweb need to remain for
non-html files.

This normally wouldn't matter, but a number of people utilize
BMCWEB_INSECURE_DISABLE_XSS_PREVENTION to run the webui locally and
debug a new webui patch from a working BMC.  This causes the CSP headers
to conflict, and the browser to fail with a CSP error on connect-src
when debugging locally.

Removing the CSP section entirely from the webui resolves this, and
doesn't change functionality at all, as it's still covered in bmcweb.

Tested:  Will verify on a real platform.

Verified that building the webui locally with the above bmcweb flag
allows the webui to launch correctly.

Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I60e5011361ec3ce1930249a20cf34480beb48a7f
4 files changed
tree: 91546d2b003d5a9fecd7e0295399d57beb6468a4
  1. app/
  2. .clang-format
  3. .gitignore
  4. config.json
  5. format-code.sh
  6. karma.conf.js
  7. LICENSE
  8. MAINTAINERS
  9. package-lock.json
  10. package.json
  11. postcss.config.js
  12. README.md
  13. sonar-project.properties
  14. webpack.config.js
README.md

OpenBMC Web User Interface

The OpenBMC WebUI is a Web-based user interface for the OpenBMC firmware stack. The WebUI uses AngularJS. Features include:

  • View system overview data such as model information and serial number
  • View and manage event logs
  • Inventory data
  • Sensor data
  • Power On/Off server operations
  • Reboot BMC
  • SOL console
  • Remote KVM
  • Virtual media
  • Date and time settings
  • IPv4 network settings
  • Manage and update BMC and Host firmware
  • LDAP
  • SSL certificates
  • Local user management

Requirements

nodejs (>= 4.2.6) npm (>= 6.0.1)

Note The default installation of your Linux distro may not come with the required versions above. See the following for more information on updating:

https://docs.npmjs.com/troubleshooting/try-the-latest-stable-version-of-node https://docs.npmjs.com/troubleshooting/try-the-latest-stable-version-of-npm

Installation

npm install

Note This must be run from within the phosphor-webui git repository.

Running locally

npm run-script server

This will start a server instance and begin listening for connections at http://localhost:8080. This development server provides live reloading on code changes. NOTE: Browsing to https://<BMC> and accepting the self-signed certificate might be required to prevent your browser from blocking traffic to the BMC.

Logging in

Enter the BMC Host or BMC IP address, username, and password. The default username and password are root/0penBmc.

Note that some OpenBMC implementations use bmcweb for its backend. For security reasons, bmcweb will need to be recompiled and loaded onto the target BMC Host before the above redirect command will work. The option to turn on within bmcweb is BMCWEB_INSECURE_DISABLE_XSS_PREVENTION. In order to test locally, you will also need to disable CSRF by turning on BMCWEB_INSECURE_DISABLE_CSRF_PREVENTION.