Dashboards & Visualizations

iframes and views broken after Splunk 6 upgrade

dannux
Path Finder

One of our main features broke after upgrading to version 6:

Problem

We have some custom views that allow users to get information without login. In order to do that we use insecure login and iframes.

http://docs.splunk.com/Documentation/Splunk/6.0/AdvancedDev/3rdParty#x1._Enable_insecure_login

I tested the insecure login and the view is working fine. However, when is coming in the iframe we do not have any display. Please note that this was working just before we did the upgrade.

This is my HTML code

<meta http-equiv="X-Frame-Options" content="allow" />
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">

<meta http-equiv="X-Frame-Options" content="allow" />

Splunk Stuff


<!-- content starts here -->

Test for insecure login


This is my view code


sourcetype="tpharma_admin" | timechart span="5m" avg(zCPU_IDLE) by source
-24h

line
time
right
FAST Admin Idle_CPU
<!-- Set Y axis to 100 -->
100
<!-- Time Range Button -->

Last 24 hours
True

<!-- Define JSChart insteadn of FlashChart -->



<module name="HiddenSearch" autoRun="True" layoutPanel="panel_row2_col1">
            <param name="search">sourcetype="tpharma_admin" | timechart span="5m" avg(free_memory) by source</param>
            <param name="earliest">-24h</param>
            <module name="HiddenChartFormatter">
            <param name="chart">column</param>
                            <param name="primaryAxisTitle.text">time</param>
    <param name="legend.placement">right</param>
    <param name="chartTitle">FAST Admin free_mem</param>
    <!--  Time Range Button  -->
    <module name="TimeRangePicker">
                            <param name="selected">Last 24 hours</param>
                            <param name="searchWhenChanged">True</param>
    <module name="JobProgressIndicator"/>
    <!--  Define JSChart  -->
    <module name="JSChart"/>
</module>
 </module>
      </module>
</view>

Thanks,
Dan

Tags (2)
1 Solution

hexx
Splunk Employee
Splunk Employee

In 5.0.5 and 6.0, as part of a security-related fix (reference SPL-65987) we disabled the ability to insecurely embed content on a remote site by default.

To restore this capability, you now need to make an explicit change in web.conf to the x_frame_options_sameorigin parameter and set it to False:

x_frame_options_sameorigin = [True | False]
    * adds a X-Frame-Options header set to "SAMEORIGIN" to every response served by cherrypy
    * Defaults to True

View solution in original post

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...