Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk 5.0.5 upgrade stopping iFrames from working??

watsm10
Communicator
‎09-26-2013 03:44 AM

Hi all,

I have an iFrame which is embedded in my own website hosted by Sharepoint. All was working fine until I upgraded from 5.0.4 to 5.0.5. The iFrame shows the following error:

alt text

I've had a look around and found this is due to X-Frame-Options SAMEORIGIN which is something to do with blocking iFrames from being embedded.

I have tried this in all browsers and am getting the same problem each time.

Any ideas how to overcome this?

Reply
1 Solution
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎10-09-2013 12:49 PM

In 5.0.5 and 6.0, as part of a security-related fix (reference SPL-65987) we disabled the ability to insecurely embed content on a remote site by default.

To restore this capability, you now need to make an explicit change in web.conf to the x_frame_options_sameorigin parameter and set it to False:

x_frame_options_sameorigin = [True | False]
    * adds a X-Frame-Options header set to "SAMEORIGIN" to every response served by cherrypy
    * Defaults to True

View solution in original post

Reply
Solved! Jump to solution

piebob
Splunk Employee
Splunk Employee
‎10-09-2013 12:50 PM

a change was made in 5.0.5 and later versions to improve security and prevent clickjacking issues, this is what you're running into.

to implement this change, we set X-FRAME-OPTIONS=SAMEORIGIN in the header for all cherrypy served pages. this means that you can only iframe in pages coming from the same site.

we added a new web.conf setting: x_frame_options_sameorigin = [True | False] which defaults to True.

if you set this to False, your iframing will work again.

Reply
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎10-09-2013 12:49 PM

In 5.0.5 and 6.0, as part of a security-related fix (reference SPL-65987) we disabled the ability to insecurely embed content on a remote site by default.

To restore this capability, you now need to make an explicit change in web.conf to the x_frame_options_sameorigin parameter and set it to False:

x_frame_options_sameorigin = [True | False]
    * adds a X-Frame-Options header set to "SAMEORIGIN" to every response served by cherrypy
    * Defaults to True
Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎10-09-2013 12:29 PM

Link to dannux's original posting: http://answers.splunk.com/answers/104277/iframes-and-views-broken-after-splunk-6-upgrade

0 Karma
Reply
Solved! Jump to solution

yumlu
Engager
‎10-07-2013 08:15 AM

hi dannux,
i have the same problem with 6.0. Can you let me know after your case is closed?
thanks

0 Karma
Reply
Solved! Jump to solution

watsm10
Communicator
‎10-03-2013 01:43 AM

Thank you. I would be very grateful.

0 Karma
Reply
Solved! Jump to solution

dannux
Path Finder
‎10-01-2013 10:53 AM

I have the same problem and I have a case open with Splunk support. I will post any information as soon as I have an answer from them.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...