Security

Why does the embedding no longer works if the user is logged in after 7.0 upgrade?

eugenek
Path Finder

Since upgrading to Splunk 7.0.2, embedded reports show up as blank if the user is logged in to the search head from which the report is served.

Using browser's developer tools, when the user is logged in, I can see that a 403 error is returned from a call to:
/splunkd/__raw/servicesNS/username/-/data/ui/visualizations?...

When not logged in, a successful response comes back from:
/splunkd/__raw/servicesNS/-/-/data/ui/visualizations?...

Seems that 7.0.2 is including the username in the request, when 6.5.2 did not.

Looking in source of the page that is returned when the embedding link is loaded into the iframe, the suspect difference seems to be that the call to /en-US/config now includes: crossorigin="use-credentials".

alt text

0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...