Splunk 5.0.5 upgrade stopping iFrames from working??

Contributor

Hi all,

I have an iFrame which is embedded in my own website hosted by Sharepoint. All was working fine until I upgraded from 5.0.4 to 5.0.5. The iFrame shows the following error:

alt text

I've had a look around and found this is due to X-Frame-Options SAMEORIGIN which is something to do with blocking iFrames from being embedded.

I have tried this in all browsers and am getting the same problem each time.

Any ideas how to overcome this?

Re: Splunk 5.0.5 upgrade stopping iFrames from working??

Path Finder

I have the same problem and I have a case open with Splunk support. I will post any information as soon as I have an answer from them.

0 Karma

Re: Splunk 5.0.5 upgrade stopping iFrames from working??

Contributor

Thank you. I would be very grateful.

0 Karma

Re: Splunk 5.0.5 upgrade stopping iFrames from working??

Engager

Hi dannux,
I have the same problem with 6.0. Can you let me know after your case is closed?
Thanks

0 Karma

Re: Splunk 5.0.5 upgrade stopping iFrames from working??

Splunk Employee

In 5.0.5 and 6.0, as part of a security-related fix (reference SPL-65987) we disabled the ability to insecurely embed content on a remote site by default.

To restore this capability, you now need to make an explicit change in web.conf to the x_frame_options_sameorigin parameter and set it to False:

x_frame_options_sameorigin = [True | False]
    * adds a X-Frame-Options header set to "SAMEORIGIN" to every response served by cherrypy
    * Defaults to True

Re: Splunk 5.0.5 upgrade stopping iFrames from working??

Splunk Employee

A change was made in 5.0.5 and later versions to improve security and prevent clickjacking issues; this is what you're running into.

To implement this change, we set X-FRAME-OPTIONS=SAMEORIGIN in the header for all cherrypy served pages. This means that you can only iframe in pages coming from the same site.

We added a new web.conf setting: x_frame_options_sameorigin = [True | False] which defaults to True.

If you set this to False, your iframing will work again.
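
Added example (not part of the thread and not Splunk's code): a Python check that works out the effective x_frame_options_sameorigin value across layered web.conf files and compares it with the X-Frame-Options header actually served. The [settings] stanza name, the accepted boolean spellings, the layer labels and the sample file contents are assumptions constructed for the example.

```python
import configparser

# Boolean spellings accepted by this example (an assumption, not from the thread).
TRUE_WORDS = {"true", "1", "t", "yes", "y"}
FALSE_WORDS = {"false", "0", "f", "no", "n"}
PARAM = "x_frame_options_sameorigin"   # parameter named in the thread
STANZA = "settings"                    # assumed stanza that holds it in web.conf

# Constructed sample layers, lowest precedence first.
DEFAULT_LAYER = "[settings]\nhttpport = 8000\nx_frame_options_sameorigin = True\n"
LOCAL_LAYER = "[settings]\n# embedding re-enabled for an intranet iframe\nx_frame_options_sameorigin = False\n"

def sameorigin_enabled(layers):
    """Return (enabled, source) for the effective value of PARAM.
    layers is a list of (label, web.conf text); a later layer overrides an
    earlier one. With no explicit setting the documented default, True, applies.
    """
    enabled, source = True, "built-in default"
    for label, text in layers:
        parser = configparser.ConfigParser(interpolation=None, strict=False)
        parser.read_string(text)
        if not parser.has_option(STANZA, PARAM):
            continue
        raw = parser.get(STANZA, PARAM).strip().lower()
        if raw in TRUE_WORDS:
            enabled, source = True, label
        elif raw in FALSE_WORDS:
            enabled, source = False, label
        else:
            raise ValueError(f"{label}: unrecognised value {raw!r} for {PARAM}")
    return enabled, source

def framing_blocked_cross_origin(headers):
    """True if the response headers tell browsers to refuse cross-origin framing."""
    lowered = {name.lower(): value.strip().upper() for name, value in headers.items()}
    return lowered.get("x-frame-options") in {"SAMEORIGIN", "DENY"}

def audit(layers, headers):
    """Return findings that compare the configured value with what is served."""
    enabled, source = sameorigin_enabled(layers)
    findings = []
    if not enabled:
        findings.append(f"{PARAM} disabled in {source}: X-Frame-Options is not sent")
    if enabled != framing_blocked_cross_origin(headers):
        findings.append("served headers do not match the configured value")
    return findings

if __name__ == "__main__":
    print(audit([("default", DEFAULT_LAYER), ("local", LOCAL_LAYER)], {}))
```

Pass the layers in the order your deployment resolves them, and take the headers from a real response of the Splunk Web instance being checked.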