[Xymon] Problems with Content Security Policy in Safari, Chrome, and IE

John Thurston john.thurston at alaska.gov
Thu Nov 9 18:06:45 CET 2017


On 11/8/2017 7:40 PM, Jonathan Trott wrote:
> Has anyone else run into this issue, or has any more information on how 
> I can modify the CSP headers to test?

I suspect google Chrome has just changed some of their requirements, 
because I got a call on a different CSP issue a couple of days ago.

Changing the CSP header information isn't straight forward in Xymon. In 
this case, it is defined in lib/cgi.c, between lines 200 and 300. If you 
want to _really_ change these things, you'll need to patch the file and 
rebuild.

If you'd like to test the required changes before doing so, you can set
   XYMON_NOCSPHEADER="TRUE"
in xymonserver.cfg   With this is set, xymon will not create any CSP 
response headers. You may then use mod_header in Apache to set whatever 
values you'd like.

Note: My experience is on solaris, so not with the terabithia builds.
--
    Do things because you should, not just because you can.

John Thurston    907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska



More information about the Xymon mailing list