[Xymon] Info/Refresh updated patch

J.C. Cleaver cleaver at terabithia.org
Thu Feb 11 04:52:15 CET 2016


On Wed, February 10, 2016 3:25 pm, John Thurston wrote:
> On 2/10/2016 1:14 PM, J.C. Cleaver wrote:

>> 1) separate out info and trends pages from "regular" svcstatus pages.
>> The
>> former won't be auto-refreshed
>> 2) adds a previously-referenced XYMWEBREFRESH variable, which can be
>> used
>> to configure this (default: 60s)
>>
>> Going from 60s to 30s was an error on my part. I'd actually thought that
>> was the value for some reason...
>
> These patches are helping. Thank you!
>
>> On info pages not allowing _targets, that's also something caught by
>> CSP.
>> The patch should fix this as well. Please verify if you can.
>
> To let the "target=_blank" option work, I needed to add "allow-popups"
> to line 269 of lib/cgi.c
>
>>     269         else if (strncmp(str, "svcstatus-info", 14) == 0) csppol
>> = strdup("script-src 'self' 'unsafe-inline'; connect-src 'self';
>> form-action 'self'; sandbox allow-forms allow-scripts
>> allow-popups;");
>


Can you test with the following two patches? I believe these should take
care of the outstanding issues. It seems like some versions of Chrome need
the allow-modals permission as well.


Regards,
-jc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: svcstatus-cspfix-4.patch
Type: text/x-patch
Size: 2690 bytes
Desc: not available
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20160210/0bdf4688/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: enadis-secfix-4.patch
Type: text/x-patch
Size: 1073 bytes
Desc: not available
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20160210/0bdf4688/attachment-0001.bin>


More information about the Xymon mailing list