I have an iFrame which is embedded in my own website hosted by SharePoint. All was working fine until I upgraded from 5.0.4 to 5.0.5. The iFrame shows the following error:
I've had a look around and found this is due to X-Frame-Options SAMEORIGIN which is something to do with blocking iFrames from being embedded.
I have tried this in all browsers and am getting the same problem each time.
Any ideas how to overcome this?
I have the same problem and I have a case open with Splunk support. I will post any information as soon as I have an answer from them.
In 5.0.5 and 6.0, as part of a security-related fix (reference SPL-65987) we disabled the ability to insecurely embed content on a remote site by default.
To restore this capability, you now need to make an explicit change in web.conf to the x_frame_options_sameorigin parameter and set it to
x_frame_options_sameorigin = [True | False]
* adds a X-Frame-Options header set to "SAMEORIGIN" to every response served by cherrypy
* Defaults to True
A change was made in 5.0.5 and later versions to improve security and prevent clickjacking issues; this is what you're running into.
To implement this change, we set X-FRAME-OPTIONS=SAMEORIGIN in the header for all cherrypy served pages. This means that you can only iframe in pages coming from the same site.
We added a new web.conf setting: x_frame_options_sameorigin = [True | False] which defaults to True.
If you set this to False, your iframing will work again.
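The check below is an added example, not part of the thread or Splunk's own code: it models how a browser treats the X-Frame-Options header described in the answers above, so you can see which embedding pages the default header blocks and what changes once it is no longer sent. The host names, URLs and header lists are constructed sample values, and the model is simplified (only X-Frame-Options and the direct embedder are evaluated; CSP frame-ancestors is not).

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return the (scheme, host, port) origin of a URL, filling in default ports."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return (scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme))

def framing_allowed(headers, page_url, embedder_url):
    """Return (allowed, reason) for page_url shown in a frame on embedder_url.

    headers is a list of (name, value) pairs from the response for page_url.
    """
    values = set()
    for name, value in headers:
        if name.lower() == "x-frame-options":
            values.update(part.strip().upper() for part in value.split(","))
    if not values:
        return True, "no X-Frame-Options header: any site may frame the page"
    if "DENY" in values:
        return False, "DENY: framing is refused everywhere"
    if "SAMEORIGIN" in values:
        if origin(page_url) == origin(embedder_url):
            return True, "SAMEORIGIN: embedder has the same origin"
        return False, "SAMEORIGIN: embedder is a different origin"
    # Assumption: values the browser does not recognise are ignored.
    return True, "unrecognised X-Frame-Options value, treated as absent"

# Constructed sample data (hypothetical hosts, not taken from the thread).
SPLUNK_URL = "https://splunk.example.com:8000/en-US/app/search/dashboard"
SHAREPOINT_URL = "https://intranet.example.com/sites/ops/default.aspx"
SAME_SITE_URL = "https://splunk.example.com:8000/en-US/app/search/wrapper"
HEADERS_DEFAULT = [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")]
HEADERS_SETTING_FALSE = [("Content-Type", "text/html")]  # header no longer sent

if __name__ == "__main__":
    cases = [
        ("default, SharePoint embedder", HEADERS_DEFAULT, SHAREPOINT_URL),
        ("default, same-origin embedder", HEADERS_DEFAULT, SAME_SITE_URL),
        ("setting False, SharePoint embedder", HEADERS_SETTING_FALSE, SHAREPOINT_URL),
    ]
    for label, headers, embedder in cases:
        allowed, reason = framing_allowed(headers, SPLUNK_URL, embedder)
        print(f"{label}: {'rendered' if allowed else 'blocked'} ({reason})")
```

With the header absent the function returns allowed for every embedder, which is the clickjacking exposure the 5.0.5 default was introduced to close.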