29 Nov
2017
29 Nov
'17
5:26 p.m.
On 11/29/2017 3:22 AM, Peter Welter wrote:
I will try the setting:
XYMON_NOCSPHEADER="TRUE"
This will bypass the problem by suppressing all CSP headers on those pages. This will leave those pages and forms vulnerable to Cross-Site hacks; intentional, accidental, and incidental. It may also fail to work on near-future browser releases.
I wouldn't consider "NOCSPHEADER" to be anything more than a troubleshooting flag. It's just to easy for content from the clients to make its way onto pages.
-- Do things because you should, not just because you can.
John Thurston 907-465-8591 John.Thurston at alaska.gov Department of Administration State of Alaska