search

Fidi / Web-Status

Web interface that displays json files as charts.
MIT License
0 stars 0 forks source link

Problem with loading .jsons with HTTP basic auth #5

Open nudelfabrik opened 9 years ago

nudelfabrik commented 9 years ago

When providing the .jsons with HTTP-Basic auth, Chrome warns about "loading insecure scripts" and needs authentication. Safari issues no warning, but does not load data.

nginx.conf

location /statusboard {
    autoindex on; 
    auth_basic "Restricted"; 
    auth_basic_user_file $PATH/.passwd; 
} 
location /statusboard/web-status { 
    location ~* /statusboard/web-status/.*.php$ { 
        fastcgi_split_path_info ^(.+\.php)(.*)$; 
        fastcgi_pass   unix:/tmp/php5-fpm.sock; 
        fastcgi_index  index.php; 
        include fastcgi_params; 
        fastcgi_param   SCRIPT_FILENAME  $document_root$fastcgi_script_name; 
    } 
}
Fidi commented 9 years ago

There is yet another problem: The restricted section of the parent directory does not allow access even if relative paths are used such as "../load.json".

Needs further investigation