[Xymon] Problems with Content Security Policy in Safari, Chrome, and IE
John Thurston
john.thurston at alaska.gov
Thu Nov 9 18:06:45 CET 2017
On 11/8/2017 7:40 PM, Jonathan Trott wrote:
> Has anyone else run into this issue, or has any more information on how
> I can modify the CSP headers to test?
I suspect google Chrome has just changed some of their requirements,
because I got a call on a different CSP issue a couple of days ago.
Changing the CSP header information isn't straight forward in Xymon. In
this case, it is defined in lib/cgi.c, between lines 200 and 300. If you
want to _really_ change these things, you'll need to patch the file and
rebuild.
If you'd like to test the required changes before doing so, you can set
XYMON_NOCSPHEADER="TRUE"
in xymonserver.cfg With this is set, xymon will not create any CSP
response headers. You may then use mod_header in Apache to set whatever
values you'd like.
Note: My experience is on solaris, so not with the terabithia builds.
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska
More information about the Xymon
mailing list