> Am 07.09.2017 um 09:07 schrieb Bhuvan Gupta :
>
> I create a allMonit.html which have two iframe with src of two different
> monit http interface running on two different system
Use apache2 with proxy:
ProxyPass /firstserver/ http://firstserver:2812/
ProxyPassReverse
I don't think you can easilly bypass the csrf mechanism when using iframe,
as one of its goal it to avoid this kind of usage (not related to monit),
you will need several hack to allow it if you cannot disable at monit level.
Maybe document yourself about csrf could help to find hacks.
Le 14
Hello,
the Access-Control-Allow-Credentials is dangerous header.
Monit uses state-less double-submit-cookie pattern for CSRF defence:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Double_Submit_Cookie
... the action will work when the request's
Any help will be nice
On Thu, Sep 7, 2017 at 12:37 PM, Bhuvan Gupta wrote:
> Hello all,
>
> I create a allMonit.html which have two iframe with src of two different
> monit http interface running on two different system
>
> allMonit.html structure
>
Hello all,
I create a allMonit.html which have two iframe with src of two different
monit http interface running on two different system
allMonit.html structure
http://firstserver:2812;>
http://seconderver:2812;>
Now when i open allMonit.html in chrome , i see two monit interfaces.