I use Firefox usually. I have 60.0.1 (64 bit) version of Firefox. On this browser monit's preview under Show Monit tab in ISP works well. I have connected to monit all services including node instances. On Chrome - version 66.0.3359.181 (Official) (64-bit) - I see nice white square without content. I attach screens. PS I checked this on two PCs.
this can happen depending on some enforced rules by the browser like: don't allow mixed content ( ispconfig via tls and monit without tls ) or displaying of 3rd party domains in frames ( monit is linked differently than ispconfig is called ), disabled use of authentification via url ( generated link is proto://user:authpass@domain ) or some other related issue.
Thank you for answer. Server use https://s1.example.com and monit https://s1.example.com:2812. Both with green padlock - LetsEncrypt. In ISP when linked monit and munit I also have to set credentials. I checked both on incognito mode.
God... Soon browsers will block all including google.com, because of security. Thank you man! It's crazy.
Hey thinks improved aswell..... remember the early days where you had to check/acceppt every single cookie? luckily nowdays ppl know how to set their cookie preferences .... except politicians -.-
Haha nice! PS I suppose that soon Firefox and other web browsers go this same way as Chrome and Monit feature will stop working in ISPconfig. Do the devs think how resolve it?
I think the developers already have a solution to this last time I checked in the git. But my simple solution for now is to open monit by its own page in the browser as the page is already secured. You can also already change its port number to whatever you want so public won't easily get to it.
Haven't checked the git, but to add some value to this thread: https://github.com/tabixio/tabix/issues/38 similar issue, http auth not working with provides user/pass. Solution posted by elithrar includes the use of Access-Control-Allow-Origin and Access-Control-Allow-Credentials see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials so far so well known, but one thing at least I didn't consider... It might be, for whatever reason, someone is logged in using a proxy and needs to check some munin stats.... Use some kind of proxy-detection and ask the user wether he is aware of the proxy/possible insecure transmission of credentials.
