perfsonar-user - Re: [perfsonar-user] Enabling CORS in perfsonar/toolkit?
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Michael Johnson <>
- To:
- Cc:
- Subject: Re: [perfsonar-user] Enabling CORS in perfsonar/toolkit?
- Date: Tue, 12 Dec 2017 11:07:52 -0500
- Ironport-phdr: 9a23:7GggkhbH9W94yOIEb1xdUS//LSx+4OfEezUN459isYplN5qZoMW/bnLW6fgltlLVR4KTs6sC17KP9fi4EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCagbb9oMBm6sRjau9ULj4dlNqs/0AbCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUjmk8qxlSgLniD0fOjA38G/ZlNF+gqFVoB2uuxNw3ozbbZqaNPZiZK7QZ88WSXZfUstXSidPApm8b4wKD+cZOuhYrpXyp1sUohSgAQmnGefhyjhIhn/wxq061OIhGhzB0QwlHdIDs2rYoc76NKcWVuC617PHzTHFb/NRxTjx8onIcg07rf6SQL1wbNPcxE8yHA3LiVWQrJbqPzKT1ukVtGia4fBvVfm3i2I9rAFxuDevy8ExgYfKnoIY0k7I+TllzIooINC0VU12bsCnHZZVuSGaOZd6Tt8nTm12tis3z7gLtJy7cSUM1Z8p3QTQa+adfIiN+h/jVPieITN/hH99fbKwnRey8Uy6xuLgSsm7zExGriVfktnKsXACywbf6smaSvdn4EiuxCuP2xjS6uFCP080ibLWJ4A9zrIsi5YetFnPEyzol0j1iaKWeEsk9vS05+nifLnrqJqROop2hwz+Kqgun9awAeU8MggARWib/uG82aXm/U37Q7hGkOY7kqbdsJDdPssUvKq5AwlS0ok/8Rq/Diqm3M4GknYaMVJJYAiHgJTxO1HSPPD4Cu+yg0yynzdxyfDGJbrhApPXIXjZibvhYK195FBGyAcoydBf5olUCq0aIP7tQEPxtdrYDgMnPAyuxeboFsl92p0EVW2RH6CZLfCajVjd6fksIvGUaZU9uSu7JvQ4tND0inpsvF4WfaCk2dM1b3C+BfNgaxGcYyq2qtgFFm0Dugw5R6rrlRuPXSMFNCX6ZL41+jxuUNHuNozEXI342LE=
Hi Grant,
I'm glad to hear you're using the Toolkit API in your project! It was
designed to accommodate use cases like yours, although I don't know how many
people actually use it that way.
The CORS headers are part of the Apache configuration. Specifically, this
file:
/etc/httpd/conf.d/apache-toolkit_web_gui.conf
You could change the values for these options, or comment them out if you
want it wide open.
Under
<Directory "/usr/lib/perfsonar/web-ng/root">
Header set X-Frame-Options "DENY"
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options "nosniff"
Header set Content-Security-Policy
This site has some good information about the secure headers options you have
available:
https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers
Thanks,
Michael
On Tue, Dec 12, 2017 at 12:38:14AM +0000,
wrote:
I am unfamiliar with cgi scripts and was wondering if someone could help point
me to where in the toolkit source I need to edit to allow CORS.
I am trying to access /toolkit/services/host.cgi?method=<etc> like an API for
some PS metrics we are exposing through an internal app.
- Grant
--
Michael Johnson
GlobalNOC Software Engineering
Indiana University
812-856-2771
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
- [perfsonar-user] Enabling CORS in perfsonar/toolkit?, gskipper, 12/12/2017
- Re: [perfsonar-user] Enabling CORS in perfsonar/toolkit?, Michael Johnson, 12/12/2017
Archive powered by MHonArc 2.6.19.