
Splunk 8 iframe cannot access dashboard within the Splunk instance

GoodKnight
Observer

Hi guys,

Recently, I've been working on a migration from Splunk 7 to Splunk 8, but I've run into a little bit of trouble with an iframe. It was used to embed one of the dashboards within another dashboard, both of which are part of my Splunk app. And it was working fine with Splunk 7.3.X.

However, in Splunk 8.0.4 and 8.0.5, it doesn't seem to be able to reference any of the dashboards within the Splunk instance. All it shows is "Loading...", but if it points to some website outside the Splunk instance, it works fine, as shown in the screenshots below:

GoodKnight_0-1595837713894.png

I've identified that it has nothing to do with the system web.conf/server.conf. I've enabled iframe and inline-style content and some other options, but they don't change the behavior of my iframe. 

Then I investigated the network traffic using the browser inspector. It seems that in Splunk 8, whenever dashboard visualization starts to initialize, a GET request is sent like this: localhost:8000/en-us/config?autoload=1. Normally it should receive a response with a list of configuration settings. In my case, this request is sent twice. The first time is for the initialization of the main dashboard and the second time is for that of the dashboard that is intended to load in the iframe. But the second request never receives a correct response. Instead, it always says CORS Missing Allow Origin and thus it's always blocked by the browser.

OK, CORS then. But noooo, again, it has nothing to do with the CORS-related options in the system web.conf/server.conf. If I put a * to allow all cross-origin use, it says setting it to * won't allow the use of credentials. So it seems that when this request is launched, it specifically asks to exchange credentials, and setting * to allow all cross-origin use does not allow the exchange of credentials. So I put 127.0.0.1:8000 localhost:8000, trying to whitelist the local Splunk server. But it still doesn't work.

The behavioral difference between Splunk 7 and 8 is that, in Splunk 7, the localhost:8000/en-us/config?autoload=1 request is only sent once, when the main dashboard is initializing. I'm guessing this is to improve the security features of Splunk, but somehow it's killing the iframe in my case...

So, has anyone encountered such an issue? Is there a workaround to resolve it?

 

0 Karma
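
The browser-side rule behind the two messages quoted in the question ("CORS Missing Allow Origin" and the refusal of * with credentials), as an added example that is not part of the original thread and is not Splunk code. It models only the browser's CORS check from the Fetch standard; the URLs, the `sample_app` path and the header values are constructed, and it says nothing about which headers a given Splunk setting produces.

```javascript
// Added example: the browser-side CORS check from the Fetch standard, reduced
// to the headers discussed in this thread. All URLs are constructed samples.

// An origin is scheme + host + port; URL.origin drops default ports only.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// pageUrl: document issuing the request; withCredentials: cookies are sent;
// headers: response headers with lower-cased names.
function corsCheck(pageUrl, withCredentials, headers) {
  const origin = new URL(pageUrl).origin;
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { allowed: false, reason: 'missing Access-Control-Allow-Origin' };
  }
  if (allowOrigin === '*') {
    return withCredentials
      ? { allowed: false, reason: 'wildcard origin with credentials' }
      : { allowed: true, reason: 'wildcard, no credentials' };
  }
  if (allowOrigin !== origin) {
    return { allowed: false, reason: 'origin mismatch' };
  }
  if (withCredentials && headers['access-control-allow-credentials'] !== 'true') {
    return { allowed: false, reason: 'Access-Control-Allow-Credentials not true' };
  }
  return { allowed: true, reason: 'exact origin match' };
}

const page = 'http://localhost:8000/en-US/app/sample_app/main'; // constructed
const cases = [
  ['no CORS headers', {}],
  ['wildcard', { 'access-control-allow-origin': '*' }],
  ['host:port without scheme', { 'access-control-allow-origin': 'localhost:8000',
    'access-control-allow-credentials': 'true' }],
  ['exact origin', { 'access-control-allow-origin': 'http://localhost:8000',
    'access-control-allow-credentials': 'true' }],
];
for (const [label, headers] of cases) {
  const r = corsCheck(page, true, headers);
  console.log(`${label}: ${r.allowed ? 'allowed' : 'blocked'} (${r.reason})`);
}
console.log('localhost vs 127.0.0.1 same origin:',
  sameOrigin('http://localhost:8000/', 'http://127.0.0.1:8000/'));
```

Requests between two URLs for which `sameOrigin` returns true never reach this check, so comparing the origin of the parent dashboard with the origin of the iframe's `src` in the browser inspector is a quick first test.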

sajjanshetty15
Observer

Hi @GoodKnight, even I am facing a similar issue. Have you found any solution for this?

0 Karma

abhullar_splunk
Splunk Employee

Had a customer whose issue was resolved after adding both port 8443 (the reverse proxy) and port 3002 (the port Splunk Web is listening on) to dashboard_html_allowed_domains.

etc/apps/app_x/default/web.conf:
dashboard_html_allowed_domains = *.domain.com:xxxx

Add the port number at the end of the allowed domains and it should work.

0 Karma