Dashboards & Visualizations

Why is an embedded dashboard in iframe not working for Chrome?


We have a simple XML dashboard in our splunk implementation which works fine when browsing splunk web.
We embedded this dashboard in another web through an iframe like follows:


<iframe src="https://Splunk-Server:8000/account/insecurelogin?username=USER&password=PASWROD&return_to=/app/My-App/Dashboard-to-embed"></iframe>


This works fine on firefox, but chrome doesn't load it.
We suspect that chrome is blocking the iframe contents because it won't load splunk's cookies in a third-party web-page, as per this article: https://blog.heroku.com/chrome-changes-samesite-cookie

In short, we don't know how to configure splunk's cookie flags to allow them being loaded cross-domain. (SameSite=None, Secure)
Or really, if this is the problem at all...
We would apreciate any help you can provide. Thank you.

Labels (2)
0 Karma

New Member

I know this is an old post, but did you ever figure out how to get this to work? I am having the same problem.

0 Karma


It's been very long and my memory may be wrong but I think what solved this were some simple configurations in the web.conf file.

x_frame_options_sameorigin = false
verifyCookiesWorkDuringLogin = false
dashboard_html_allowed_domains = XXX.XXX.XXX.XXX,*.your-domain.com

Where XXX.XXX.XXX.XXX is some IP. It accepts wildcards.
I recommend you take a look at the docs about these settings before taking my word for it.

Hope I was able to help. Good Luck.

0 Karma
Get Updates on the Splunk Community!

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through:An introduction to the Splunk Threat ...

Splunk Life | Happy Pride Month!

Happy Pride Month, Splunk Community! &#x1f308; In the United States, as well as many countries around the ...

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...