https://community.splunk.com/t5/Splunk-Search/click-jacking-protection-options/m-p/283463#M175646 <P>You can actually do this now, while etc/system/local/web.conf contains <CODE>x_frame_options_sameorigin = false</CODE> under the [settings] stanza, add </P> <BLOCKQUOTE> <P>replyHeader.Content-Security-Policy = frame-ancestors self</P> </BLOCKQUOTE> Thu, 06 Dec 2018 01:28:43 GMT ben_leung 2018-12-06T01:28:43Z https://community.splunk.com/t5/Splunk-Search/click-jacking-protection-options/m-p/283461#M175644 <P>Hello Splunksters,</P> <P>Well I am trying to keep a bit of security to avoid click-jacking, though find myself in a pickle..</P> <P>I have found this link: <A href="https://answers.splunk.com/answers/104277/iframes-and-views-broken-after-splunk-6-upgrade.html">https://answers.splunk.com/answers/104277/iframes-and-views-broken-after-splunk-6-upgrade.html</A></P> <P>Though I would like to make slight mod and allow for a specific site to have access and not just allow all with the "False" setting.</P> <P>Any ideas??</P> <P>Could I use the " # external UI URIs " setting in the web.conf somehow?</P> <P>Thanks!</P> Thu, 09 Feb 2017 16:01:28 GMT https://community.splunk.com/t5/Splunk-Search/click-jacking-protection-options/m-p/283461#M175644 rbardonetorian 2017-02-09T16:01:28Z https://community.splunk.com/t5/Splunk-Search/click-jacking-protection-options/m-p/283462#M175645 <P>Splunk uses x frame options header sameorigin. I also want to use allow-from but that is not supported on browsers like chrome and safari.<BR /> <A href="https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet#X-Frame-Options_Header_Types">https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet#X-Frame-Options_Header_Types</A></P> <P>If Splunk decided to use the header from Content-Security-Policy frame-ancestors, then you could state domains allowed.</P> Wed, 05 Dec 2018 19:52:22 GMT https://community.splunk.com/t5/Splunk-Search/click-jacking-protection-options/m-p/283462#M175645 ben_leung 2018-12-05T19:52:22Z https://community.splunk.com/t5/Splunk-Search/click-jacking-protection-options/m-p/283463#M175646 <P>You can actually do this now, while etc/system/local/web.conf contains <CODE>x_frame_options_sameorigin = false</CODE> under the [settings] stanza, add </P> <BLOCKQUOTE> <P>replyHeader.Content-Security-Policy = frame-ancestors self</P> </BLOCKQUOTE> Thu, 06 Dec 2018 01:28:43 GMT https://community.splunk.com/t5/Splunk-Search/click-jacking-protection-options/m-p/283463#M175646 ben_leung 2018-12-06T01:28:43Z https://community.splunk.com/t5/Splunk-Search/click-jacking-protection-options/m-p/541576#M175647 <P>Thanks&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/164886">@ben_leung</a>, it works quite well. I checked it with Splunk Enterprise 8.1.2. In this version it's not even needed to set <EM>x_frame_options_sameorigin</EM> to <EM>false</EM>. It will be automatically overruled if you're on a domain, which is allowed by the <EM>Content-Security-Policy</EM>&nbsp;.</P><P>We use it like this:</P><LI-CODE lang="markup">replyHeader.Content-Security-Policy = frame-ancestors self https://example1.com https://example2.com </LI-CODE> Fri, 26 Feb 2021 19:13:00 GMT https://community.splunk.com/t5/Splunk-Search/click-jacking-protection-options/m-p/541576#M175647 isachse 2021-02-26T19:13:00Z