From ec4d724f2995e130054a981c0a9ccb654a98d0e9 Mon Sep 17 00:00:00 2001 From: Joseph Reynolds Date: Wed, 17 Oct 2018 11:24:06 -0500 Subject: Nginx allow secure websocket connections This changes the nginx configuration so the HTTP response headers for the phosphor-webui web applicaton will allow wss (secure WebSocket) connections back to the host. This is needed for the Serial Over Lan (SOL) function. A recent fix used Content-Security-Policy default-src 'self' which unfortunately does not allow to wss connections. For details see https://github.com/openbmc/openbmc/issues/3409 Tested: The web app SOL function works Resolves: openbmc/openbmc#3409 (From meta-ibm rev: ba115c67c50b8e9691bbdbc4132dfef563c327c0) Change-Id: Ic46693c1c17ce83f422bc388ef1338894eeadb4d Signed-off-by: Joseph Reynolds Signed-off-by: Brad Bishop --- meta-ibm/recipes-httpd/nginx/files/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-ibm') diff --git a/meta-ibm/recipes-httpd/nginx/files/nginx.conf b/meta-ibm/recipes-httpd/nginx/files/nginx.conf index be7faf92f..befe98626 100644 --- a/meta-ibm/recipes-httpd/nginx/files/nginx.conf +++ b/meta-ibm/recipes-httpd/nginx/files/nginx.conf @@ -88,7 +88,7 @@ http { add_header X-Frame-Options deny; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options nosniff; - add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'self' 'unsafe-eval' 'unsafe-inline'"; + add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'self' wss: 'unsafe-eval' 'unsafe-inline'"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; add_header Cache-Control "no-store,no-cache"; add_header Pragma "no-cache"; -- cgit v1.2.1