[Xymon] Problems with Content Security Policy in Safari, Chrome, and IE
John Thurston
john.thurston at alaska.gov
Wed Nov 29 18:26:34 CET 2017
On 11/29/2017 3:22 AM, Peter Welter wrote:
> I will try the setting:
>
> XYMON_NOCSPHEADER="TRUE"
This will bypass the problem by suppressing all CSP headers on those
pages. This will leave those pages and forms vulnerable to Cross-Site
hacks; intentional, accidental, and incidental. It may also fail to work
on near-future browser releases.
I wouldn't consider "NOCSPHEADER" to be anything more than a
troubleshooting flag. It's just to easy for content from the clients to
make its way onto pages.
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska
More information about the Xymon
mailing list