We have recently upgraded our monitoring server from 4.3.17 to 4.3.27 and now getting " is sandboxed, and the 'allow-scripts' keyword is not set." errors in modern Chrome
for svcstatus.sh pages
Let me explain:
Some our custom tests may generate large content with detailed technical information, which is not always required to show on web-page.
monitoring test generate HTML content with DIV having style='display: none'
HTML content also contains <A HREF> element with java script function call to show DIV content on click (or hide on click again)
Appropriate java script function is placed in page header - it was placed in HEAD element - in ./server/web/hostsvc_header
./server/web/histlog_header
so generated header is the following:
==============
<HEAD>
<META HTTP-EQUIV="REFRESH" CONTENT="60">
<META HTTP-EQUIV="EXPIRES" CONTENT="Sat, 01 Jan 2001 00:00:00 GMT">
<META HTTP-EQUIV="Set-Cookie" CONTENT="pagepath=; path=/">
<META HTTP-EQUIV="Set-Cookie" CONTENT="host=target-hostname; path=/">
<TITLE>yellow : Xymon - dbinvobj status forhost=target-hostname (10.*.*.*) @ Thu Jan 12 19:07:47 2017</TITLE>
<!-- Styles for the Xymon body -->
<link rel="stylesheet" type="text/css" href="/xymon/gifs/xymonbody.css">
<!-- Styles for the menu bar -->
<link rel="stylesheet" type="text/css" href="/xymon/menu/xymonmenu-blue.css">
<!-- The favicon image -->
<link rel="shortcut icon" href="/xymon/gifs/favicon-yellow.ico">
<!-- CoMinder customisation -->
<script language="JavaScript1.2" type="text/javascript">
function toggle_div(p_DivName,p_LinkName,p_showCaption,p_HideCaption) {
var div_element = document.getElementById(p_DivName);
var text = document.getElementById(p_LinkName);
if(div_element.style.display == "block") {
div_element.style.display = "none";
text.innerHTML = p_showCaption;
}
else {
div_element.style.display = "block";
text.innerHTML = p_HideCaption;
}
}
</script>
<!-- end of CoMinder customisation -->
</HEAD>
==============
It was working fine in 4.3.17 (really we still have one monitoring server of that version and it is working)
In 4.3.27 - we get the following errors in latest Chrome and our java script function is not working (nothing happens)
1)
Refused to execute the redirect specified via '<meta http-equiv='refresh' content='...'>'. The document is sandboxed, and the 'allow-scripts' keyword is not set.
2) Blocked script execution in 'https://myhostname:port/xymon-cgi/svcstatus.sh?HOST=target-hostname&SERVICE=custmetric'; because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Note: old Opera (before Chromium), old (2013) Chrome and more or less modern FireFox ESR does not have such problem.
I have found similar thread for [Xymon] 4.3.25 - ouch (reverting to 4.3.22), but not identical and it looks like final solution was not found.
http://lists.xymon.com/archive/2016-February/043013.html
I have compared pages sources from XyMon 4.3.17 and 4.3.27 for the same content.
and the difference is only 1 line, which IMHO should not affect - 1 menu item added in 4.3.27:
<a class="inner" href="/xymon-cgi/acknowledgements.sh">Acknowledgements</a>
If I save both pages locally as HTML file and open in Chrome - java script function is working and there are no "sandboxed" errors.
Best regards,
Andrey Chervonets
SIA CoMinder
http://www.cominder.eu/
mobile: +XXX XXXXXXXX