On 11/29/2017 3:22 AM, Peter Welter wrote:
I will try the setting:
XYMON_NOCSPHEADER="TRUE"
This will bypass the problem by suppressing all CSP headers on those pages. This will leave those pages and forms vulnerable to Cross-Site hacks; intentional, accidental, and incidental. It may also fail to work on near-future browser releases.
I wouldn't consider "NOCSPHEADER" to be anything more than a troubleshooting flag. It's just to easy for content from the clients to make its way onto pages.
--
Do things because you should, not just because you can.
John Thurston XXX-XXX-XXXX
user-ce4d79d99bab@xymon.invalid
Department of Administration
State of Alaska