I don't think you can easily bypass the CSRF mechanism when using an iframe, as one of its goals is to avoid this kind of usage (not related to monit); you will need several hacks to allow it if you cannot disable it at the monit level.
Maybe reading up on CSRF could help you find hacks.

On 14 Sept. 2017 6:13 AM, "Bhuvan Gupta" <[email protected]> wrote:

> Any help will be nice
>
> On Thu, Sep 7, 2017 at 12:37 PM, Bhuvan Gupta <[email protected]> wrote:
>
>> Hello all,
>>
>> I created an allMonit.html which has two iframes with src of two different
>> monit HTTP interfaces running on two different systems
>>
>> allMonit.html structure
>> <iframe src = "http://firstserver:2812"></iframe>
>> <iframe src = "http://seconderver:2812"></iframe>
>>
>> Now when I open allMonit.html in Chrome, I see two monit interfaces.
>> GREAT
>>
>> Now if I try to, let's say, "start a service" on firstserver, I get
>> invalid CSRF.
>>
>> Upon investigation I found that *without* iframe the HTTP request
>> contains a cookie header like
>> Cookie: securitytoken=6265d84a17c2715c7252c84d88a479cf
>> whereas the HTTP request from the iframe does not include a cookie header.
>>
>> Upon further study, I found that since the monit HTTP response does not
>> contain the following header
>> Access-Control-Allow-Credentials: true
>> the browser will not transmit the cookie back to the server.
>>
>> Now the question arises:
>>
>> *QUESTION: How to configure monit to add an additional HTTP header*
>>
>> Thanks
>> *Bhuvan*
>
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general
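An added example, not part of the original thread and not monit's own code: a minimal model of a double-submit CSRF check, showing why the action request that arrives without the `securitytoken` cookie is rejected while the same request with the cookie passes. It assumes the server compares the cookie with a form field of the same name; the form field, the request path and both sample requests are constructed for illustration.

```python
import hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

TOKEN_NAME = "securitytoken"  # cookie name from the thread; form field name is assumed
TOKEN = "6265d84a17c2715c7252c84d88a479cf"  # value quoted in the thread


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into (lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def csrf_ok(raw: str) -> bool:
    """Accept only if the cookie token and the form token exist and match."""
    headers, body = parse_request(raw)
    cookie = SimpleCookie(headers.get("cookie", ""))
    cookie_token = cookie[TOKEN_NAME].value if TOKEN_NAME in cookie else ""
    form_token = parse_qs(body).get(TOKEN_NAME, [""])[0]
    if not cookie_token or not form_token:
        return False  # no cookie sent: the check cannot pass
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(cookie_token.encode(), form_token.encode())


# Constructed requests; "/hypothetical-service" is a placeholder path.
BODY = f"{TOKEN_NAME}={TOKEN}&action=start"
TOP_LEVEL = (
    "POST /hypothetical-service HTTP/1.1\r\n"
    "Host: firstserver:2812\r\n"
    f"Cookie: {TOKEN_NAME}={TOKEN}\r\n"
    "\r\n" + BODY
)
FRAMED = (
    "POST /hypothetical-service HTTP/1.1\r\n"
    "Host: firstserver:2812\r\n"
    "\r\n" + BODY
)

if __name__ == "__main__":
    print("top-level request accepted:", csrf_ok(TOP_LEVEL))
    print("framed request accepted:", csrf_ok(FRAMED))
```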
