Dashboards & Visualizations

X-Frame-Options - remove deny, set sameorigin

darioapis
Explorer

Hi, my problem is explained in the heading. I need to remove X-Frame-Options: deny from the HTTP header and change it to sameorigin. Possible it is in web.conf. Any help is advisable.

Tags (1)
0 Karma
1 Solution

chrisyounger
SplunkTrust
SplunkTrust

You can't set it to sameorigin. You can only remove the header all together as you have seen by changing web.conf and setting x_frame_options_sameorigin = false. This will mean you can then embed Splunk in a frame if you want.

If it is important that you set the header to be sameorigin then you would need to use something like a nginx proxy over the top of Splunk. (fairly easy to do)

View solution in original post

chrisyounger
SplunkTrust
SplunkTrust

You can't set it to sameorigin. You can only remove the header all together as you have seen by changing web.conf and setting x_frame_options_sameorigin = false. This will mean you can then embed Splunk in a frame if you want.

If it is important that you set the header to be sameorigin then you would need to use something like a nginx proxy over the top of Splunk. (fairly easy to do)

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...