Hi Folks,
Has anyone had success with using iframes in Splunk Enterprise 8.x yet? I have tested in multiple 8.0.1 environments and the panel fails to load, while the same code is working on 7.0.0 and 7.3.1 environments. Nothing I have seen from older posts is working yet. Here is the simple XML to try:
<panel>
<title>COVID test for iFrame compatibility</title>
<html>
<center>
<iframe src="https://covid-19.splunkforgood.com/coronavirus__covid_19_" width="100%" height="800px"/>
</center>
</html>
</panel>
May want to check on the web.conf in your app/default/ folder. If it doesn't exist, you can create one and add the configurations that you want within your app. iframe is disabled in Splunk 8 by default for security reasons.
https://docs.splunk.com/Documentation/Splunk/8.0.3/Admin/Webconf
[settings]
dashboard_html_allow_embeddable_content= true/false
dashboard_html_allow_iframes = true/false (default = false)
***** From the URL related to web.conf
dashboard_html_allow_inline_styles = <boolean>
* Whether or not to allow style attributes from inline HTML elements in dashboards.
* If "false", style attributes from inline HTML elements in dashboards will be removed
to prevent potential attacks.
* Default: true
dashboard_html_allow_embeddable_content = <boolean>
* Whether or not to allow <embed> and <iframe> HTML elements in dashboards.
* If set to "true", <embed> and <iframe> HTML elements in dashboards will not be removed
and can lead to a potential security risk.
* If set to the default value of "false", <embed> and <iframe> HTML elements will be stripped
from the dashboard HTML.
* Default: false
dashboard_html_wrap_embed = <boolean>
* Whether or not to wrap <embed> HTML elements in dashboards with an <iframe>.
* If set to "false", <embed> HTML elements in dashboards will not be wrapped, leading to
a potential security risk.
* If set to "true", <embed> HTML elements will be wrapped by an <iframe sandbox> element to help
mitigate potential security risks.
* Default: true
dashboard_html_allow_iframes = <boolean>
* Whether or not to allow iframes from HTML elements in dashboards.
* If "false", iframes from HTML elements in dashboards will be removed to prevent
potential attacks.
* Default: true
I was still having this problem in 8.0.6 despite having the following settings set to true (was trying to view an embedded report from another Splunk server):
dashboard_html_allowed_embeddable_content = true
dashboard_html_allow_iframes = true
What ultimately fixed it in our case was upgrading to 8.1.0 and adding the new setting dashboard_html_allowed_domains and setting the specific hostname and port (would not work with just the hostname or wildcard domain for some reason) like so:
dashboard_html_allowed_domains = <hostname>.<company_domain>:8000
Has something changed in 8.2.3 that would have broken this functionality?
We had this working up until a recent Splunk upgrade and then it suddenly stopped. I've confirmed that we are using the options above as well as the following sandbox options:
<iframe sandbox="allow-same-origin allow-scripts allow-popups allow-forms" src="/app/lookup_editor/lookup_edit?lookup=$watchlist$&namespace=MyAppTest&type=csv&owner=nobody" width="100%" height="400" border="0" frameborder="0"/>
Now it just says loading....
Adding the following to web.conf fixed it for me, using Splunk 8.1.3:
[settings]
dashboard_html_allowed_embeddable_content = true
dashboard_html_allowed_domains = <hostname>.<company_domain>:8000
=== Addition ===
Above settings worked for a single instance.
In our clustered environment I got it working for accounts that log in using SAML by adding the following to web.conf:
[settings]
dashboard_html_allowed_embeddable_content = true
dashboard_html_allowed_domains = <hostname>.<company_domain>:8000, microsoftonline.com
x_frame_options_sameorigin = false
Local accounts still get an error.
When looking at the console of my browser (F12 -> Console), I saw a 404 error mentioning the second domain that needed to be allowed.
Hope this helps!
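A small audit of the [settings] stanza discussed in the posts above, as an added example that is not part of the thread or of Splunk's own tooling. The list of known names is taken only from this page (it is not the full web.conf spec), and the accepted boolean spellings, the assumed default for x_frame_options_sameorigin, and the sample config with its hostnames are constructed assumptions.

```python
import configparser
import difflib

# Setting names exactly as they appear on this page (quoted spec plus posts).
PAGE_KEYS = {
    "dashboard_html_allow_inline_styles", "dashboard_html_allow_embeddable_content",
    "dashboard_html_wrap_embed", "dashboard_html_allow_iframes",
    "dashboard_html_allowed_domains", "x_frame_options_sameorigin",
}

def is_true(value):
    # Assumed boolean spellings; anything else is treated as false.
    return value.strip().lower() in {"1", "t", "true", "yes"}

def audit_web_conf(text):
    """Return (key, finding) pairs for the [settings] stanza of a web.conf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    s = dict(cp["settings"]) if cp.has_section("settings") else {}
    out = []
    for key in s:  # a name the page does not list takes no effect under that name
        if key.startswith("dashboard_html_") and key not in PAGE_KEYS:
            near = difflib.get_close_matches(key, sorted(PAGE_KEYS), n=1)
            hint = f"; closest name on this page: {near[0]}" if near else ""
            out.append((key, "name not in the quoted spec" + hint))
    if is_true(s.get("dashboard_html_allow_embeddable_content", "false")):
        msg = "<embed>/<iframe> elements are no longer stripped"
        if "dashboard_html_allowed_domains" not in s:
            msg += "; no dashboard_html_allowed_domains list is set"
        out.append(("dashboard_html_allow_embeddable_content", msg))
    domains = s.get("dashboard_html_allowed_domains", "").split(",")
    broad = [d.strip() for d in domains if "*" in d]
    if broad:
        out.append(("dashboard_html_allowed_domains", "wildcard entries: " + ", ".join(broad)))
    if not is_true(s.get("dashboard_html_wrap_embed", "true")):
        out.append(("dashboard_html_wrap_embed", "<embed> is not wrapped in <iframe sandbox>"))
    if not is_true(s.get("x_frame_options_sameorigin", "true")):
        out.append(("x_frame_options_sameorigin",
                    "X-Frame-Options: SAMEORIGIN is not sent; other origins can frame Splunk Web"))
    return out

# Constructed sample modelled on the configurations posted in this thread.
SAMPLE = """[settings]
dashboard_html_allowed_embeddable_content = true
dashboard_html_allow_embeddable_content = true
dashboard_html_allowed_domains = splunk01.example.com:8000, *.example.net
x_frame_options_sameorigin = false
"""

if __name__ == "__main__":
    for key, finding in audit_web_conf(SAMPLE):
        print(f"{key}: {finding}")
```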
See @sbland_splunk's answer for the solution
Set dashboard_html_allow_embeddable_content = true in local web.conf settings stanza
But while executing inspect over that application, which has settings in web.conf, it's giving an error -
splunk-appinspect | Web.conf File Standards Ensure that web.conf is safe for cloud deployment and
splunk-appinspect | that any exposed patterns match endpoints defined by the app - apps should not
splunk-appinspect | expose endpoints other than their own. Including web.conf can have adverse
splunk-appinspect | impacts for cloud. Allow only [endpoint:*] and [expose:*] stanzas, with expose
splunk-appinspect | only containing pattern= and methods= properties. web.conf
splunk-appinspect | Check that web.conf only defines [endpoint:] and [expose:] stanzas,
splunk-appinspect | with [expose:*] only containing pattern= and methods=.
splunk-appinspect | FAILURE: Only the [endpoint:*] and [expose:*] stanzas are
splunk-appinspect | permitted in web.conf for cloud. Please remove this stanza from
splunk-appinspect | web.conf: [settings]. File: default/web.conf Line Number: 1
@sbland_splunk Thank you, this did it for me! I also heard back from Support via a ticket with the same response. For my environment, dashboard_html_allow_iframes was set to true and dashboard_html_allow_embeddable_content was set to false by default. So I had to add to my etc\system\local\web.conf the dashboard_html_allow_embeddable_content = true under [settings] and it worked after a restart!
Some other good details from Support:
Based on the description of the case, after reviewing the Splunk documentation for Splunk version 8.0.1, I found out that Splunk has removed some features in version 8.0.x, including <iframe> and <embed>, please take a look on below link which contains the information about it:
https://docs.splunk.com/Documentation/Splunk/8.0.3/ReleaseNotes/Deprecatedfeatures#Removed_features_... In the above link it is recommended to use "html_allow_embeddable_content" flag in web.conf instead of <iframe> and <embed>.
I definitely would open a support case on this.
Hello gilmanc,
here is an example from Splunk Dashboard Examples app (https://splunkbase.splunk.com/app/1603/):
<dashboard>
<label>Dashboard Display Controls</label>
<description>Turn on or off display of common components like the header, title, edit controls.</description>
<row>
<panel>
<html>
<h2>Example iframe of a dashboard</h2>
<p>Uses display controls via the http get param</p>
<code>
<![CDATA[<iframe src="/app/simple_xml_examples/simple_display_controls_example?hideChrome=true&hideEdit=true">]]>
</code>
<iframe src="/app/simple_xml_examples/simple_display_controls_example?hideChrome=true&hideEdit=true" width="100%" height="400" border="0" frameborder="0"/>
</html>
</panel>
</row>
</dashboard>
the simple XML reference (https://docs.splunk.com/Documentation/Splunk/8.0.2/Viz/PanelreferenceforSimplifiedXML#html) shows three ways to use src attribute, all of them point to the file on the same splunk server:
Until somebody corrects me, it seems that it is not possible to embed a web page from a remote server using iframe. Splunk converts html from simple XML to a javascript variable and builds the dashboard dynamically, sanitizing the input - where (I think) external references are being filtered out.
Hi @PavelP,
Thanks for pointing me this way for some reference. This page in the app fails to load the iframe referenced in the code in my 8.0.1 production and development environments. I checked my 7.3.1 environment and it loads correctly. This is essentially the problem I'm still having - that iframe doesn't seem to be working in 8.0.1 for me.
For images, I tend to use img instead of iframe, but good to know that is an option.
To your last point, I am able to load a remote web page using iframe in 7.3.1 and 7.0.0 environments and have done so with many different web pages. The exact XML above works in those 7.x environments.
Thank you @gilmanc for the feedback, good to know! Never used iframe for a dashboard before. I hope you'll figure out why it doesn't work.