[Xymon] Info/Refresh updated patch
John Thurston
john.thurston at alaska.gov
Thu Feb 11 00:25:09 CET 2016
On 2/10/2016 1:14 PM, J.C. Cleaver wrote:
> On the refresh value, this was an unintentionally broad change.
>
> CSP sadly catches the META HTTP-EQUIV "Refresh" tag as well as something
> that is no longer honored, which requires moving it up into the actual
> HTTP headers. This updated version of the CSP patch (from the last email)
> does two things:
> 1) separate out info and trends pages from "regular" svcstatus pages. The
> former won't be auto-refreshed
> 2) adds a previously-referenced XYMWEBREFRESH variable, which can be used
> to configure this (default: 60s)
>
> Going from 60s to 30s was an error on my part. I'd actually thought that
> was the value for some reason...
These patches are helping. Thank you!
> On info pages not allowing _targets, that's also something caught by CSP.
> The patch should fix this as well. Please verify if you can.
To let the "target=_blank" option work, I needed to add "allow-popups"
to line 269 of lib/cgi.c
> 269 else if (strncmp(str, "svcstatus-info", 14) == 0) csppol = strdup("script-src 'self' 'unsafe-inline'; connect-src 'self'; form-action 'self'; sandbox allow-forms allow-scripts allow-popups;");
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston at alaska.gov
Enterprise Technology Services
Department of Administration
State of Alaska
More information about the Xymon
mailing list