@seji Make sure you note down and inform them of the CF Ray ID that should show on all error pages. This will help them track down where the problem lies.
I get the following from CountryTraceRoute to that IP:
1 192.168.0.1 router.asus.com Reserved 0 ms 0 ms 0 ms 0 ms 64
2 22.214.171.124 ae6.no-323-rt1.get.n Norway 19 ms 1 ms 1 ms 7 ms 252
3 126.96.36.199 Norway 8 ms 2 ms 1 ms 4 ms 251
4 188.8.131.52 United States 1 ms 1 ms 1 ms 1 ms 60
Something must be up with the routing from your ISP.
@Gwen-Dragon I think the main lesson learned here should be that developers should never rely on the HTTP referer header for anything else than just basic statistics on where traffic is coming from and to keep tab of internal broken links.
One would think that in an internal web application all requests should be same-origin anyway, but of course if they use different hosts/ports or even change between http/https they have a problem.
I am however not of the opinion that developers and operators should constantly monitor the w3c and browser spec processes, not everyone has the time to do that. They should simply try not to use stuff for purposes they were never intended to be used for, so it doesn't break down the line. KISS.
@ruffpl What does the IPMI server use Java for? Does it even work? AFAIK Java plugins are no longer supported by modern browsers since most dropped NPAPI support several years ago.
There are several different ways to approach this problem to get rid of the warning:
You control the server, so you might be able to just delete the script from running by editing the source code, deleting it outright, or maybe some options.
You could find the script that triggers this warning and block it using either Vivaldi's built-in blocker (only in Snapshot for now), or an extension like uBlock Origin/uMatrix. You can find this with some detective work, either examining the source of the site or looking in the network tab of Devtools (F12).
Gets a bit technical, but I assume anyone running IPMI on their own server knows their way around web protocols 😉