> Am 07.09.2017 um 09:07 schrieb Bhuvan Gupta :
>
> I create a allMonit.html which have two iframe with src of two different
> monit http interface running on two different system
Use apache2 with proxy:
ProxyPass /firstserver/ http://firstserver:2812/
ProxyPassReverse /firstserver/ http://fi
I don't think you can easilly bypass the csrf mechanism when using iframe,
as one of its goal it to avoid this kind of usage (not related to monit),
you will need several hack to allow it if you cannot disable at monit level.
Maybe document yourself about csrf could help to find hacks.
Le 14 sept
Hello,
the Access-Control-Allow-Credentials is dangerous header.
Monit uses state-less double-submit-cookie pattern for CSRF defence:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Double_Submit_Cookie
... the action will work when the request's "securi