summaryrefslogtreecommitdiffstats
path: root/meta-ibm
diff options
context:
space:
mode:
authorJoseph Reynolds <jrey@us.ibm.com>2018-10-17 11:24:06 -0500
committerBrad Bishop <bradleyb@fuzziesquirrel.com>2018-10-23 13:29:40 -0400
commitec4d724f2995e130054a981c0a9ccb654a98d0e9 (patch)
tree3cf59e51c23dae985103d39c87c699ba165860a4 /meta-ibm
parent12fca02687b481cc263ffeac707bb239a5780cca (diff)
downloadtalos-openbmc-ec4d724f2995e130054a981c0a9ccb654a98d0e9.tar.gz
talos-openbmc-ec4d724f2995e130054a981c0a9ccb654a98d0e9.zip
Nginx allow secure websocket connections
This changes the nginx configuration so the HTTP response headers for the phosphor-webui web applicaton will allow wss (secure WebSocket) connections back to the host. This is needed for the Serial Over Lan (SOL) function. A recent fix used Content-Security-Policy default-src 'self' which unfortunately does not allow to wss connections. For details see https://github.com/openbmc/openbmc/issues/3409 Tested: The web app SOL function works Resolves: openbmc/openbmc#3409 (From meta-ibm rev: ba115c67c50b8e9691bbdbc4132dfef563c327c0) Change-Id: Ic46693c1c17ce83f422bc388ef1338894eeadb4d Signed-off-by: Joseph Reynolds <jrey@us.ibm.com> Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-ibm')
-rw-r--r--meta-ibm/recipes-httpd/nginx/files/nginx.conf2
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-ibm/recipes-httpd/nginx/files/nginx.conf b/meta-ibm/recipes-httpd/nginx/files/nginx.conf
index be7faf92f..befe98626 100644
--- a/meta-ibm/recipes-httpd/nginx/files/nginx.conf
+++ b/meta-ibm/recipes-httpd/nginx/files/nginx.conf
@@ -88,7 +88,7 @@ http {
add_header X-Frame-Options deny;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
- add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'self' 'unsafe-eval' 'unsafe-inline'";
+ add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'self' wss: 'unsafe-eval' 'unsafe-inline'";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header Cache-Control "no-store,no-cache";
add_header Pragma "no-cache";
OpenPOWER on IntegriCloud