Skip to Content.
Sympa Menu

perfsonar-user - Re: [perfsonar-user] Enabling CORS in perfsonar/toolkit?

Subject: perfSONAR User Q&A and Other Discussion

List archive

Re: [perfsonar-user] Enabling CORS in perfsonar/toolkit?


Chronological Thread 
  • From: Michael Johnson <>
  • To:
  • Cc:
  • Subject: Re: [perfsonar-user] Enabling CORS in perfsonar/toolkit?
  • Date: Tue, 12 Dec 2017 11:07:52 -0500
  • Ironport-phdr: 9a23:7GggkhbH9W94yOIEb1xdUS//LSx+4OfEezUN459isYplN5qZoMW/bnLW6fgltlLVR4KTs6sC17KP9fi4EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCagbb9oMBm6sRjau9ULj4dlNqs/0AbCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUjmk8qxlSgLniD0fOjA38G/ZlNF+gqFVoB2uuxNw3ozbbZqaNPZiZK7QZ88WSXZfUstXSidPApm8b4wKD+cZOuhYrpXyp1sUohSgAQmnGefhyjhIhn/wxq061OIhGhzB0QwlHdIDs2rYoc76NKcWVuC617PHzTHFb/NRxTjx8onIcg07rf6SQL1wbNPcxE8yHA3LiVWQrJbqPzKT1ukVtGia4fBvVfm3i2I9rAFxuDevy8ExgYfKnoIY0k7I+TllzIooINC0VU12bsCnHZZVuSGaOZd6Tt8nTm12tis3z7gLtJy7cSUM1Z8p3QTQa+adfIiN+h/jVPieITN/hH99fbKwnRey8Uy6xuLgSsm7zExGriVfktnKsXACywbf6smaSvdn4EiuxCuP2xjS6uFCP080ibLWJ4A9zrIsi5YetFnPEyzol0j1iaKWeEsk9vS05+nifLnrqJqROop2hwz+Kqgun9awAeU8MggARWib/uG82aXm/U37Q7hGkOY7kqbdsJDdPssUvKq5AwlS0ok/8Rq/Diqm3M4GknYaMVJJYAiHgJTxO1HSPPD4Cu+yg0yynzdxyfDGJbrhApPXIXjZibvhYK195FBGyAcoydBf5olUCq0aIP7tQEPxtdrYDgMnPAyuxeboFsl92p0EVW2RH6CZLfCajVjd6fksIvGUaZU9uSu7JvQ4tND0inpsvF4WfaCk2dM1b3C+BfNgaxGcYyq2qtgFFm0Dugw5R6rrlRuPXSMFNCX6ZL41+jxuUNHuNozEXI342LE=

Hi Grant,

I'm glad to hear you're using the Toolkit API in your project! It was
designed to accommodate use cases like yours, although I don't know how many
people actually use it that way.

The CORS headers are part of the Apache configuration. Specifically, this
file:

/etc/httpd/conf.d/apache-toolkit_web_gui.conf

You could change the values for these options, or comment them out if you
want it wide open.

Under
<Directory "/usr/lib/perfsonar/web-ng/root">


Header set X-Frame-Options "DENY"
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options "nosniff"
Header set Content-Security-Policy

This site has some good information about the secure headers options you have
available:
https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers

Thanks,
Michael

On Tue, Dec 12, 2017 at 12:38:14AM +0000,

wrote:
I am unfamiliar with cgi scripts and was wondering if someone could help point
me to where in the toolkit source I need to edit to allow CORS.

I am trying to access /toolkit/services/host.cgi?method=<etc> like an API for
some PS metrics we are exposing through an internal app.

- Grant

--
Michael Johnson
GlobalNOC Software Engineering
Indiana University

812-856-2771

Attachment: smime.p7s
Description: S/MIME cryptographic signature




Archive powered by MHonArc 2.6.19.

Top of Page