Dashboards & Visualizations

How do I disable redirection warning?

tobelesp
Engager

After we upgraded to v9.0.1 we get a warning when following dashboard-generated links pointing "outside" splunk:

Redirecting away from Splunk
You are being redirected away from Splunk to the following URL:

https://[some non-splunk web-server]
Note that tokens embedded in a URL could contain sensitive information.

It comes with a "Don't show again" option, but it indeed shows again every time.
Is there somewhere to disable this warning?

Thanks


elizabethl_splu
Splunk Employee

Hi there, thanks for posting this question! We will be adding a feature flag, as well as UI for adding trusted domains in the next on-prem release, so that you will have more control over the redirection modal. Currently, the "do not show this again" applies per user, per session, per specific URL. If the URL changes (e.g. because a token value in the URL changes) the modal will display again. The intention is so that users will have an opportunity to verify they are only passing information they intended to when clicking on a link that redirects them out of Splunk.


dbhojani
Explorer

Yea,

The dashboard link is not directing to any external URL. It's the same splunkcloud platform, but still it doesn't work. I've also added the trusted domain list but no luck. I think it could be possible because of DNS changes.

We are using Akamai, so the cloud instance URL is not <stackname>.splunkcloud.com, it's different.

I'll check with splunk support. thanks for quick update 🙂

0 Karma

elizabethl_splu
Splunk Employee

The Dashboards Trusted Domains List doesn't apply to redirection warnings until 9.0.2303, which is why it didn't work before. But yeah, if you're not able to use a relative URL for linking within the platform (e.g. /app/search/<dashboardId>) then it's treated like an external URL.

0 Karma

pschildein
Explorer

Hi, is there also a solution for on-premise installations?

0 Karma

elizabethl_splu
Splunk Employee

Hi @pschildein, thanks for your question. The Dashboards Trusted Domains list will be made available in the new on-premise release. Unfortunately I do not have release dates to share at this time. 

0 Karma

bsayatovic2
Engager

Release dates aside, are we talking about 9.0.5, 9.1 or 10.0?

This has been a user-experience wrecking problem for us since 9.0 came out. These redirect warnings are a feature my team never wanted. We build our own dashboards, and we know exactly where they're redirecting to. Our ability to quickly go down a dashboard table and Ctrl+Click (Cmd+Click) the rows that interest us into new tabs has been disrupted.

I can't believe Splunk would add such an obnoxious feature without also adding a way to bypass it at the same time.  Atlassian does this all the time.  Now Splunk, too?!

apietersen
Contributor

Hi,

As far as I experience with Splunk Enterprise V9.1.0 this is still not solved/available. Please let me know how to disable this "feature" 😞

Ashleyp

elizabethl_splu
Splunk Employee

Hi @bsayatovic2, thank you for sharing your concerns. This was implemented for security reasons, but I can understand how it would be obnoxious. We are anticipating that the ability to disable this security feature will be available in 9.1, with all the caveats that release timing, release version numbers, and what's included in each version is subject to change. 

0 Karma

freeload101
Explorer

not sure we can mark this as a solution...buuut OK... My dashboard's going to be completely broken until then

0 Karma

SmeetsS
Engager

We currently have the same problem.

If the only goal is that the user does not have to perform any additional actions, the following code can be added as a .js file to your dashboard:

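require([
    'underscore',
    'jquery',
    'splunkjs/mvc/simplexml/ready!'
], function (_, $) {
    // On any click, wait briefly for the redirect modal to render, then dismiss it.
    $(document).click(function () {
        setTimeout(function () {
            var modal = $("div[data-test='modal']");
            // A jQuery object is never undefined; check that a modal was actually found.
            if (modal.length) {
                // Click the unselected option in the footer, then the Continue button.
                $("div[data-test='modal'] div[data-test='footer'] button[title='Not selected']").click();
                $("div[data-test='modal'] div[data-test='footer'] button[label='Continue']").click();
            }
        }, 500);
    });
});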

 

This is by no means a permanent or an efficient solution, but it solves the issue until @splunk provides whitelisting for enterprise edition.

splunk219783
Path Finder

@SmeetsS, if you have a moment could you clarify this? I'm unfamiliar with using custom javascript in Splunk. I have a bunch of dashboards with this issue in the default launcher app.

I created a nopopup.js in etc/apps/launcher/appserver/static.  I then modified the dashboard statement in the source to:

<dashboard version="1.1" theme="dark" script="nopopup.js">

But this doesn't seem to work. Am I missing something?

0 Karma

romux72
Explorer

Hi,

 

Try this please :

<dashboard version="1.1" theme="dark" script="launcher:nopopup.js">
0 Karma

andreasz
Path Finder

Nice workaround.
Thanks!

0 Karma

Thibault-C
Engager

Works like a charm. 😎

0 Karma

andreasz
Path Finder

There is a new blog article about the topic:
https://www.splunk.com/en_us/blog/platform/improving-security-updates-to-classic-simplexml-dashboard... 

But it is not really helpful 😞

And the Dashboards Trusted Domains list (Settings > Server settings > Dashboards Trusted Domains List) seems to be found only in the cloud version.
What about the enterprise customers?

andreasz
Path Finder

Apparently Splunk remembers this only for the one row clicked.
I have tables with thousands of rows and redirect columns. So you would have to confirm for every single row. This makes no sense and is not usable.
@splunk: Is there a way to disable this via a .conf file?

andreasz
Path Finder

I dug a little deeper.

Here is a "run everywhere" demo dashboard.

<dashboard version="1.1">
  <label>Link Redirect</label>
  <row>
    <panel>
      <table>
        <search>
          <query>
            | makeresults 
            | eval movie = "Breaking Bad", id = "0903747" 
            | append [| makeresults | eval movie = "Better Call Saul", id = "3032476"]
            | table movie, id
          </query>
        </search>
        <drilldown>
          <condition field="movie">
            <link target="_blank">http://www.imdb.com/title/tt$row.id$</link>
          </condition>
        </drilldown>        
      </table>
    </panel>
  </row>
</dashboard>

Click on the first movie.
Choose "Don't show this again" and Continue.

Now we find the following entry in session storage (Chrome Developer Tools -> Application -> Session Storage):
Key: http://www.imdb.com/title/tt0903747
Value: true

Logging out of Splunk and logging in again in the same tab keeps the data.

Closing the tab deletes the entry from the session storage.
You get the same problem if you open a new Splunk tab. The entry is missing for this session.

From Google Search: "Use the local Storage object if you want some data to be on the browser. If you want it on the server, then use cookies, and the session storage is used when you want to destroy the data whenever that specific tab gets closed"

Practically, the user has to click "Don't show this again" for every table row, in every browser and for every new tab / session.
How can you explain this to the user?
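
An added illustration (not part of the post above and not Splunk's code) of the behaviour described in this thread: a dismissal keyed on the full URL covers only one table row, while a relative link or a host-based trusted-domain check covers every row. The function names, the origin, the Map standing in for session storage and the subdomain matching rule are all assumptions.

```javascript
// Added illustration; not Splunk's implementation. All names are hypothetical.

// Host matches a trusted entry exactly or as a subdomain on a dot boundary,
// so "imdb.com.example.net" or "notimdb.com" never match "imdb.com".
function hostIsTrusted(host, trustedDomains) {
  host = host.toLowerCase();
  return trustedDomains.some(function (d) {
    d = d.toLowerCase();
    return host === d || host.endsWith('.' + d);
  });
}

// Returns "internal", "trusted", "dismissed" or "warn" for a drilldown target.
// `dismissed` stands in for sessionStorage: a Map keyed by the full URL.
function classifyRedirect(target, origin, trustedDomains, dismissed) {
  let url;
  try {
    url = new URL(target, origin); // relative targets resolve against origin
  } catch (e) {
    return 'warn'; // unparseable target: never skip the prompt
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return 'warn';
  if (url.origin === new URL(origin).origin) return 'internal';
  if (hostIsTrusted(url.hostname, trustedDomains)) return 'trusted';
  if (dismissed.get(url.href) === 'true') return 'dismissed';
  return 'warn';
}

// Constructed sample data modelled on the demo dashboard in the post.
const ORIGIN = 'https://splunk.example.test:8000';
const rows = ['0903747', '3032476'].map(id => 'http://www.imdb.com/title/tt' + id);

function demo() {
  const dismissed = new Map([[rows[0], 'true']]); // user ticked the box on row 1
  return {
    perUrl: rows.map(u => classifyRedirect(u, ORIGIN, [], dismissed)),
    withList: rows.map(u => classifyRedirect(u, ORIGIN, ['imdb.com'], dismissed)),
    relative: classifyRedirect('/app/search/my_dashboard', ORIGIN, [], dismissed),
    lookalike: classifyRedirect('http://imdb.com.example.net/x', ORIGIN, ['imdb.com'], dismissed),
  };
}
console.log(demo());
```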

tobelesp
Engager

Yes, some .conf to whitelist full domains or at least hostnames would be great.
