Any help will be nice On Thu, Sep 7, 2017 at 12:37 PM, Bhuvan Gupta <bhuva...@gmail.com> wrote:
> Hello all, > > I create a allMonit.html which have two iframe with src of two different > monit http interface running on two different system > > allMonit.html structure > <iframe src = "http://firstserver:2812";></iframe> > <iframe src = "http://seconderver:2812";></iframe> > > Now when i open allMonit.html in chrome , i see two monit interfaces. GREAT > > Now if i try to let say "start a service" on one firstserver. I get > invalid CSRF. > > Upon investigation i found that *without *iframe the http request > contains a cookiee header like > Cookie: > securitytoken=6265d84a17c2715c7252c84d88a479cf > Where as http request from iframe does not include cookie header. > > Upon further study, i found that since monit http response does not > contain following header > Access-Control-Allow-Credentials: true > and hence browser will not transmit the cookie back to server. > > Now the question arises: > > *QUESTION: How to configure monit to add addition http header* > > Thanks > *Bhuvan* > > > > >
-- To unsubscribe: https://lists.nongnu.org/mailman/listinfo/monit-general
