Solved: Re: How do I disable redirection warning? - Page 2

tobelesp · ‎08-31-2022

After we upgraded to v9.0.1 we get a warning when following dashboard-generated links pointing "outside" splunk:

Redirecting away from Splunk

You are being redirected away from Splunk to the following URL:

https://[some non-splunk web-server]
Note that tokens embedded in a URL could contain sensitive information.

It comes with a "Don't show again" option, but it indeed shows again every time.
Is there somewhere to disable this warning?

Thanks

elizabethl_splu · ‎10-28-2022

Hi there, thanks for posting this question! We will be adding a feature flag, as well as UI for adding trusted domains in the next on-prem release, so that you will have more control over redirection modal. Currently, the "do not show this again" applies per user, per session, per specific URL. If the URL changes (e.g. because a token value in the URL changes) the modal will display again. The intention is so that users will have an opportunity to verify they are only passing information they intended to when clicking on a link that redirects them out of Splunk.

View solution in original post

elizabethl_splu · ‎05-02-2023

The Dashboards Trusted Domains List doesn't apply to redirection warnings until 9.0.2303, which is why it didn't work before. But yeah, if you're not able to use a relative URL for linking within the platform (e.g. /app/search/<dashboardId) then it's treated like an external URL

elizabethl_splu · ‎10-28-2022

Hi there, thanks for posting this question! We will be adding a feature flag, as well as UI for adding trusted domains in the next on-prem release, so that you will have more control over redirection modal. Currently, the "do not show this again" applies per user, per session, per specific URL. If the URL changes (e.g. because a token value in the URL changes) the modal will display again. The intention is so that users will have an opportunity to verify they are only passing information they intended to when clicking on a link that redirects them out of Splunk.

pschildein · ‎01-05-2023

Hi, is there also a solution for on-premise installations?

elizabethl_splu · ‎01-05-2023

Hi @pschildein, thanks for your question. The Dashboards Trusted Domains list will be made available in the new on-premise release. Unfortunately I do not have release dates to share at this time.

bsayatovic2 · ‎02-20-2023

Release dates aside, are we talking about 9.0.5, 9.1 or 10.0?

This has been a user-experience wrecking problem for us since 9.0 came out. These redirect warnings are feature my team never wanted. We build our own dashboards, and we know exactly where they're redirecting to. Our ability to quickly go down a dashboard table and Ctrl+Click (Cmd+Click) the rows that interest us into new tabs has been disrupted.

I can't believe Splunk would add such an obnoxious feature without also adding a way to bypass it at the same time. Atlassian does this all the time. Now Splunk, too?!

apietersen · ‎07-19-2023

Hi,

As far as I experience with Splunk Enterprise V9.1.0 this is still not solved/available. Please let me know how to disable this "feature" 😞

Ashleyp

elizabethl_splu · ‎02-21-2023

Hi @bsayatovic2, thank you for sharing your concerns. This was implemented for security reasons, but I can understand how it would be obnoxious. We are anticipating that the ability to disable this security feature will be available in 9.1, with all the caveats that release timing, release version numbers, and what's included in each version is subject to change.

freeload101 · ‎11-10-2022

not sure we can mark this as a solution...buuut OK... My dashboard's going to be completely broken until then

SmeetsS · ‎09-28-2022

We currently have the same problem.

If the only goal is that the user does not have to perform any additional actions, the following code can be added as a .js file to your dashboard:

require([
        'underscore',
        'jquery',
        'splunkjs/mvc/simplexml/ready!'
], function (_, $) {
	$(document).click(function(){
                setTimeout(function(){
                var modal = $("div[data-test='modal']")
                if (modal !== undefined){
                        $("div[data-test='modal'] div[data-test='footer'] button[title='Not selected']").click()
                        $("div[data-test='modal'] div[data-test='footer'] button[label='Continue']").click()
                }},500);
        });
});

This is by no means a permanent or an efficient solution, but it solves the issue until @splunk provides whitelisting for enterprise edition.

splunk219783 · ‎09-13-2023

@SmeetsS , if you have a moment could you clarify this? I'm unfamiliar with using custom javascript in Splunk. I have a bunch of dashboards with this issue in the default launcher app.

I created a nopopup.js in etc/apps/launcher/appserver/static. I then modified the dashboard statement in the source to:

But this doesn't seem to work. Am i missing something?

romux72 · ‎09-14-2023

Hi,

Try this please :

<dashboard version="1.1" theme="dark" script="launcher:nopopup.js">

andreasz · ‎09-28-2022

Nice workaround.
Thanks!

Thibault-C · ‎09-28-2022

Works like a charm. 😎

andreasz · ‎09-24-2022

There is a new blog article about the topic:
https://www.splunk.com/en_us/blog/platform/improving-security-updates-to-classic-simplexml-dashboard...

But it is not really helpful 😞

And the Dashboards Trusted Domains list (Settings > Server settings > Dashboards Trusted Domains List) seems to be found only in the cloud version.
What about the enterprise customers?

andreasz · ‎09-06-2022

Apparently Splunk remembers this only for the one row clicked.
I have tables with thousands of rows and redirect columns. So you would have to confirm for every single row. This makes no sense and is not usable.
@splunk: Is there a way to disable this via a .conf file?

andreasz · ‎09-25-2022

I digged a little deeper.

Here is a "run everywhere" demo dashboard.

<dashboard version="1.1">
  <label>Link Redirect</label>
  <row>
    <panel>
      <table>
        <search>
          <query>
            | makeresults 
            | eval movie = "Breaking Bad", id = "0903747" 
            | append [| makeresults | eval movie = "Better Call Saul", id = "3032476"]
            | table movie, id
          </query>
        </search>
        <drilldown>
          <condition field="movie">
            <link target="_blank">http://www.imdb.com/title/tt$row.id$</link>
          </condition>
        </drilldown>        
      </table>
    </panel>
  </row>
</dashboard>

Click on the 1. movie.
Choose "Don't show this again" and Continue.

Now we find the following entry in session storage (Chrome Developer Tools -> Application -> Session Storage):
Key: http://www.imdb.com/title/tt0903747
Value: true

Logout from Splunk and login in the same tab keeps the data.

Closing the tab deletes the entry from the session storage.
You get the same problem, if you open a new splunk tab. The entry is missing for this session.

From Google Search: "Use the local Storage object if you want some data to be on the browser. If you want it on the server, then use cookies, and the session storage is used when you want to destroy the data whenever that specific tab gets closed"

Practically user has to klick "Don't show this again" for every table row, in every browser and for every new tab / session.
How can you explain this to the user?

tobelesp · ‎09-06-2022

Yes, some .conf to whitelist full domains or at least hostnames would be great.

How do I disable redirection warning?

drilldown

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!