> On 29 Aug 2017, at 21:10, Sergey B Kirpichev <skirpic...@gmail.com> wrote:
>
> On Tue, Aug 29, 2017 at 08:58:44PM +0200, mart...@tildeslash.com wrote:
>> According to the output, the installed Monit version is 5.20.0 (first
>> version with CSRF protection). The CSRF cookie in 5.20.0 was position
>> dependent
>> (https://bitbucket.org/tildeslash/monit/issues/495/invalid-csrf-check). The
>> problem was fixed in Monit 5.21.0.
>
> Correct me, if I'm wrong. Workaround is (no-upgrade-solution): using
> a dedicated TLD for monit?

Yes, a dedicated FQDN for monit that will filter out other cookies might solve the problem (provided no other cookie will be injected, for example by a proxy).
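
An added illustration, not part of the original message and not Monit's code: a position-dependent CSRF cookie lookup next to a name-based one, showing why a foreign cookie sent ahead of the token breaks the first and why a host that receives only its own cookie avoids the problem. It assumes "position dependent" means the token had to be the first cookie in the header; the cookie name `csrftoken` and the sample header are hypothetical.

```c
#include <stdio.h>
#include <string.h>

typedef int (*finder)(const char *hdr, const char *name, char *out, size_t cap);

/* Assumed shape of the bug: matches only when the token is the first cookie. */
static int token_first_only(const char *hdr, const char *name, char *out, size_t cap) {
    size_t n = strlen(name);
    if (strncmp(hdr, name, n) != 0 || hdr[n] != '=') return 0;
    size_t len = strcspn(hdr + n + 1, ";");
    if (len >= cap) return 0;
    memcpy(out, hdr + n + 1, len);
    out[len] = '\0';
    return 1;
}

/* Position-independent: walk every ';'-separated pair and match the full name. */
static int token_by_name(const char *hdr, const char *name, char *out, size_t cap) {
    size_t n = strlen(name);
    for (const char *p = hdr; *p; ) {
        p += strspn(p, " \t");                 /* skip whitespace after ';' */
        size_t pair = strcspn(p, ";");         /* length of this name=value */
        const char *eq = memchr(p, '=', pair);
        if (eq && (size_t)(eq - p) == n && strncmp(p, name, n) == 0) {
            size_t len = pair - n - 1;
            if (len >= cap) return 0;
            memcpy(out, eq + 1, len);
            out[len] = '\0';
            return 1;
        }
        p += pair;
        if (*p == ';') p++;
    }
    return 0;
}

/* 1 when the cookie token equals the token submitted with the form.
 * (A production check would compare in constant time.) */
static int csrf_ok(finder find, const char *cookie_hdr, const char *form_token) {
    char tok[64];
    return find(cookie_hdr, "csrftoken", tok, sizeof tok) && strcmp(tok, form_token) == 0;
}

int main(void) {
    const char *shared = "othersite=1; csrftoken=abc123"; /* constructed sample */
    printf("first-only=%d by-name=%d\n", csrf_ok(token_first_only, shared, "abc123"),
           csrf_ok(token_by_name, shared, "abc123"));
    return 0;
}
```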