perfsonar-user - Re: [perfsonar-user] time-series graphs breakage - dashboard separate from central MA - Content Security Policy js?
Subject: perfSONAR User Q&A and Other Discussion
- From: Michael Johnson <>
- To: John Hess <>
- Cc:
- Subject: Re: [perfsonar-user] time-series graphs breakage - dashboard separate from central MA - Content Security Policy js?
- Date: Fri, 28 Jul 2017 13:21:58 -0400
Hi John,
Thanks for the detailed report.
It does look like this is related to some HTTP headers we changed recently.
We made some changes to tighten up security by only allowing things to be
embedded in specific ways we allow.
It appears that this means it's not working for you in this use case. What
you can do to make it work is, point your Maddash config at
https://ps-ma-lax.cenic.net/perfsonar-graphs/ rather than
https://ps-dashboard.cenic.net/perfsonar/graphs/
This may mean we need to rethink our header restrictions to accommodate this
use case. Currently, /perfsonar-graphs has to be on the same host as the MA,
which is why you're seeing this error. We'll give it some more consideration.
Thanks,
Michael
On Fri, Jul 28, 2017 at 09:37:00AM -0700, John Hess wrote:
hi,
i recently separated our central esmond MA to a distinct physical server,
ps-ma-lax.cenic.net, from the host (VM) on which our pS MaDDash is running,
ps-dashboard.cenic.net. the time-series graphs had been working well — up
until they stopped working a day or two ago.
i am tracking perfsonar-staging on both systems w/auto-updates enabled. the
dashboard VM has pulled in perfsonar-graphs 4.0.1 v0.1.rc1.el6. (after
clearing browser data) within the browser -> Graph pane, the region which
would otherwise display the graphs now displays this error:
Error loading data
Error retrieving data
Can’t connect to ps-ma-lax.cenic.net:443 (connect: Network is unreachable)
the (Chrome browser) javascript console log has these entries:
dojo.js:15 [Deprecation] Synchronous XMLHttpRequest on the main thread is
deprecated because of its detrimental effects to the end user's experience.
For more help, check https://xhr.spec.whatwg.org/.
req.getText @ dojo.js:15
jquery.min.js:6 Refused to connect to
'https://ps-ma-lax.cenic.net/esmond/perfsonar/archive/?source=ps-svl-10g.cenic.net&destination=melange.noc.ucdavis.edu'
because it violates the following Content Security Policy directive: "default-src
'self' ". Note that 'connect-src' was not explicitly set, so 'default-src' is used as
a fallback.
send @ jquery.min.js:6
jquery.min.js:6 Refused to connect to
'https://ps-ma-lax.cenic.net/esmond/perfsonar/archive/?source=melange.noc.ucdavis.edu&destination=ps-svl-10g.cenic.net'
because it violates the following Content Security Policy directive: "default-src
'self' ". Note that 'connect-src' was not explicitly set, so 'default-src' is used as
a fallback.
send @ jquery.min.js:6
/perfsonar-graphs/cgi-bin/graphData.cgi?action=ma_data&url=https%3A%2F%2Fps-ma-lax.cenic.net%2Fesmond%2Fperfsonar%2Farchive%2F%3Fsource%3Dps-svl-10g.cenic.net%26destination%3Dmelange.noc.ucdavis.edu
Failed to load resource: the server responded with a status of 500 (Internal
Server Error)
/perfsonar-graphs/cgi-bin/graphData.cgi?action=ma_data&url=https%3A%2F%2Fps-ma-lax.cenic.net%2Fesmond%2Fperfsonar%2Farchive%2F%3Fsource%3Dmelange.noc.ucdavis.edu%26destination%3Dps-svl-10g.cenic.net
Failed to load resource: the server responded with a status of 500 (Internal
Server Error)
bundle.js:10315 Warning: Each child in an array or iterator should have a unique
"key" prop. Check the render method of `ChartHeader`. See
https://fb.me/react-warning-keys for more information.
warning @ bundle.js:10315
——
i did not find a good match for the symptom among the open perfsonar/graphs
issues on GitHub:
https://github.com/perfsonar/graphs/issues
though closed issue #85 ‘Add security headers for graphs’ looked interesting.
thanks,
john
--
Michael Johnson
GlobalNOC Software Engineering
Indiana University
812-856-2771
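
The console error quoted in the thread comes from CSP's fallback rule: with no connect-src set, default-src 'self' governs XHR. The block below is an added example, not part of either message and not perfSONAR code; it models that check for the URLs in the thread. The function names and the RELAXED policy are assumptions made for illustration, and source matching is simplified as noted in the comments.

```javascript
// Simplified model of the browser check behind "Refused to connect": XHR/fetch
// is governed by connect-src, falling back to default-src when it is absent.
// Paths, nonces and hashes in source lists are not modelled.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

const schemePort = (p) => (p === 'https:' || p === 'wss:' ? '443' : '80');

function sourceMatches(source, target, page) {
  const s = source.toLowerCase();
  if (s === "'self'") return target.origin === page.origin;
  if (s === '*') return /^https?:$/.test(target.protocol); // http(s) only in this model
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return target.protocol === s; // scheme-source
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+))?(?:\/.*)?$/);
  if (!m) return false; // 'none', nonces, hashes, malformed entries
  const [, scheme, wildcard, host, port] = m;
  // No scheme in the source: use the page's scheme (upgrade matching not modelled).
  if ((scheme ? scheme + ':' : page.protocol) !== target.protocol) return false;
  const hostOk = wildcard ? target.hostname.endsWith('.' + host) : target.hostname === host;
  const wanted = port || schemePort(target.protocol);
  return hostOk && wanted === (target.port || schemePort(target.protocol));
}

function connectAllowed(header, pageUrl, targetUrl) {
  const policy = parseCsp(header);
  const directive = ['connect-src', 'default-src'].find((d) => policy.has(d)) || null;
  if (!directive) return { allowed: true, directive }; // no governing directive
  const page = new URL(pageUrl), target = new URL(targetUrl);
  const allowed = policy.get(directive).some((src) => sourceMatches(src, target, page));
  return { allowed, directive };
}

// URLs and the reported policy are taken from the thread; RELAXED is an assumption.
const DASHBOARD = 'https://ps-dashboard.cenic.net/perfsonar/graphs/';
const MA_QUERY = 'https://ps-ma-lax.cenic.net/esmond/perfsonar/archive/?source=ps-svl-10g.cenic.net&destination=melange.noc.ucdavis.edu';
const REPORTED = "default-src 'self' ";
const RELAXED = "default-src 'self'; connect-src 'self' https://ps-ma-lax.cenic.net";

console.log(connectAllowed(REPORTED, DASHBOARD, MA_QUERY)); // blocked via default-src
console.log(connectAllowed(RELAXED, DASHBOARD, MA_QUERY));  // allowed via connect-src
```

Serving the graphs page from the MA host, as suggested in the reply, makes the same request match 'self' without changing the policy.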