[Xymon] Issue with links in critical.cfg

[Ron Cohen]

Here you are:

diff  cgi.c ~/xymon-4.3.28/lib/cgi.c

280c280

<       else if (strncmp(str, "svcstatus", 9) == 0) csppol =
strdup("script-src 'self'; connect-src 'self'; form-action 'self'; sandbox
allow-forms allow-same-origin;");

---

>       else if (strncmp(str, "svcstatus", 9) == 0) csppol =
strdup("script-src 'self'; connect-src 'self'; form-action 'self'; sandbox
allow-forms allow-same-origin allow-popups allow-scripts allow-modals;");


As can be seen, this is for 4.3.28 not sure whether the CGI.c has been
changed in latter versions. But I guess it's obvious what needs to be
charged.

Ron

On Thu, 2 Mar 2023, 16:17 Ron Cohen, <rcohen55 at gmail.com> wrote:

> Had this sandbox issue when trying to open an iframe from test link.
> Unfortunately it is not configurable (as far as I can tell) and had to
> change the code of one of the cgi's.
> I'll send you the exact change when back home later today (GMT). You will
> need the source code for this pack.
> Ron
>
> On Thu, 2 Mar 2023, 08:59 Neil Simmonds, <Neil.Simmonds at studio.co.uk>
> wrote:
>
>> Hi all,
>>
>>
>>
>> I’ve recently built a new server using Terabithia RPM’s and it’s version
>> 4.3.30. Our old server is 4.3.4
>>
>>
>>
>> On these servers, when adding critical.cfg entries we add a http link in
>> the Instruction” field so the result looks like this
>>
>>
>>
>>
>>
>> On the 4.3.4 version, clicking on the “Expert Advice” link will open a
>> new tab with the relevant page (it uses target=”_blank”), however on the
>> new system, left clicking the link won’t open it at all and it throws an
>> error
>>
>>
>>
>> Blocked script execution in ‘URL' because the document's frame is
>> sandboxed and the 'allow-scripts' permission is not set. This seems to be a
>> change in the way that frame is built and means the only way we have of
>> opening the link now is to right click and select “open in new tab”. Does
>> anyone know if there is a way we can restore the left click functionality
>> (I don’t believe this is a browser issue but is an issue with the page)
>>
>>
>>
>> Kind regards,
>>
>> Neil Simmonds
>> Studio is a trading name of Studio Retail Ltd which is authorised and
>> regulated by the Financial Conduct Authority for consumer credit and
>> general insurance. Studio Retail Ltd are members of the Finance and Leasing
>> Association (FLA). Registered in England. No: 718151. Registered Office:
>> Church Bridge House, Henry Street, Accrington, BB5 4EE NOTE: This email and
>> any information contained within or attached in a separate file is
>> confidential and intended solely for the Individual to whom it is
>> addressed. The information or data included is solely for the purpose
>> indicated or previously agreed. Any information or data included with this
>> e-mail remains the property of Studio Retail Ltd and the recipient will
>> refrain from utilising the information for any purpose other than that
>> indicated and upon request will destroy the information and remove it from
>> their records. Any views or opinions presented are solely those of the
>> author and do not necessarily represent those of Studio Retail Ltd. If you
>> are not the intended recipient, be advised that you have received this
>> email in error and that any use, dissemination, forwarding, printing, or
>> copying of this email is strictly prohibited. No warranties or assurances
>> are made in relation to the safety and content of this e-mail and any
>> attachments. No liability is accepted for any consequences arising from it.
>> Studio Retail Ltd reserves the right to monitor all e-mail communications
>> through its internal and external networks. If you have received this email
>> in error, please notify our careline on +44(0) 371 200 0378.
>> _______________________________________________
>> Xymon mailing list
>> Xymon at xymon.com
>> http://lists.xymon.com/mailman/listinfo/xymon
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20230302/293af429/attachment.htm>