On 2/10/2016 1:14 PM, J.C. Cleaver wrote:
On the refresh value, this was an unintentionally broad change.
CSP sadly catches the META HTTP-EQUIV "Refresh" tag as well as something
that is no longer honored, which requires moving it up into the actual
HTTP headers. This updated version of the CSP patch (from the last email)
does two things:
1) separate out info and trends pages from "regular" svcstatus pages. The
former won't be auto-refreshed
2) adds a previously-referenced XYMWEBREFRESH variable, which can be used
to configure this (default: 60s)
Going from 60s to 30s was an error on my part. I'd actually thought that
was the value for some reason...
These patches are helping. Thank you!
On info pages not allowing _targets, that's also something caught by CSP.
The patch should fix this as well. Please verify if you can.
To let the "target=_blank" option work, I needed to add "allow-popups"
to line 269 of lib/cgi.c
269 else if (strncmp(str, "svcstatus-info", 14) == 0) csppol = strdup("script-src 'self' 'unsafe-inline'; connect-src 'self'; form-action 'self'; sandbox allow-forms allow-scripts allow-popups;");
--
Do things because you should, not just because you can.
John Thurston XXX-XXX-XXXX
user-ce4d79d99bab@xymon.invalid
Enterprise Technology Services
Department of Administration
State of Alaska