Re: CSRF does not work in iframe.

2017-09-14 Thread Petra Humann
> On 07.09.2017 at 09:07, Bhuvan Gupta wrote:
>
> I create an allMonit.html which has two iframes with src of two different
> monit http interfaces running on two different systems

Use apache2 with proxy: ProxyPass /firstserver/ http://firstserver:2812/ ProxyPassReverse

Re: CSRF does not work in iframe.

2017-09-14 Thread Guillaume François
I don't think you can easily bypass the CSRF mechanism when using an iframe, as one of its goals is to avoid this kind of usage (not related to monit); you will need several hacks to allow it if you cannot disable it at the monit level. Maybe reading up on CSRF could help to find hacks. Le 14

Re: CSRF does not work in iframe.

2017-09-14 Thread mart...@tildeslash.com
Hello, the Access-Control-Allow-Credentials is a dangerous header. Monit uses the stateless double-submit-cookie pattern for CSRF defence: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Double_Submit_Cookie ... the action will work when the request's

Re: CSRF does not work in iframe.

2017-09-13 Thread Bhuvan Gupta
Any help will be nice

On Thu, Sep 7, 2017 at 12:37 PM, Bhuvan Gupta wrote:
> Hello all,
>
> I create an allMonit.html which has two iframes with src of two different
> monit http interfaces running on two different systems
>
> allMonit.html structure
>

CSRF does not work in iframe.

2017-09-07 Thread Bhuvan Gupta
Hello all, I create an allMonit.html which has two iframes with src of two different monit http interfaces running on two different systems allMonit.html structure http://firstserver:2812;> http://seconderver:2812;> Now when I open allMonit.html in Chrome, I see two monit interfaces.