Has something changed in 8.2.3 that would have broken this functionality?

We had this working up until a recent splunk upgrade and then it suddenly stopped:  I've confirmed that we are using the options above as well as the following sandbox options:

<iframe sandbox="allow-same-origin allow-scripts allow-popups allow-forms" src="/app/lookup_editor/lookup_edit?lookup=$watchlist$&amp;namespace=MyAppTest&amp;type=csv&amp;owner=nobody" width="100%" height="400" border="0" frameborder="0"/>

Now it just says loading....

Adding the following to web.conf fixed it for me, using Splunk 8.1.3:

[settings]
dashboard_html_allowed_embeddable_content = true
dashboard_html_allowed_domains = <hostname>.<company_domain>:8000

=== Addition ===

Above settings worked for a single instance.

In our clustered environment I got it working for accounts that log in using SAML by adding the following to web.conf:

[settings]
dashboard_html_allowed_embeddable_content = true
dashboard_html_allowed_domains = <hostname>.<company_domain>:8000, microsoftonline.com
x_frame_options_sameorigin = false

 Local accounts still get an error.

When looking at the console of my browser (F12 -> Console), I saw a 404 error mentioning the second domain that needed to be allowed.

Hope this helps!

But while executing inspect over that application which has settings in web.conf its giving error -

splunk-appinspect | Web.conf File Standards Ensure that web.conf is safe for cloud deployment and
splunk-appinspect | that any exposed patterns match endpoints defined by the app - apps should not
splunk-appinspect | expose endpoints other than their own. Including web.conf can have adverse
splunk-appinspect | impacts for cloud. Allow only [endpoint:*] and [expose:*] stanzas, with expose
splunk-appinspect | only containing pattern= and methods= properties. web.conf
splunk-appinspect | Check that web.conf only defines [endpoint:] and [expose:] stanzas,
splunk-appinspect | with [expose:*] only containing pattern= and methods=.
splunk-appinspect | FAILURE: Only the [endpoint:*] and [expose:*] stanzas are
splunk-appinspect | permitted in web.conf for cloud. Please remove this stanza from
splunk-appinspect | web.conf: [settings]. File: default/web.conf Line Number: 1

@sbland_splunk Thank you, this did it for me! I also heard back from Support via a ticket with the same response. For my environment, dashboard_html_allow_iframes was set to true and dashboard_html_allow_embeddable_content was set to false by default. So I had to add to my etc\system\local\web.conf the dashboard_html_allow_embeddable_content = true under [settings] and it worked after a restart!
Some other good details from Support:
Based on the description of the case, after reviewing the Splunk documentation for Splunk version 8.0.1, I found out that Splunk has removed some features in version 8.0.x, including
<iframe> and <embed>, please take a look on below link which contains the information about it:
https://docs.splunk.com/Documentation/Splunk/8.0.3/ReleaseNotes/Deprecatedfeatures#Removed_features_... In the above link it is recommended to use "html_allow_embeddable_content" flag in web.conf instead of <iframe> and <embed>.

Hi @PavelP,
Thanks for pointing me this way for some reference. This page in the app fails to load the iframe referenced in the code in my 8.0.1 production and development environments. I checked my 7.3.1 environment and it loads correctly. This is essentially the problem I'm still having - that iframe doesn't seem to be working in 8.0.1 for me.

For images, I tend to use img instead of iframe, but good to know that is an option.

To your last point, I am able to load a remote web page using iframe in 7.3.1 and 7.0.0 environments and have done so with many different web pages. The exact XML above works in those 7.x environments.

Thank you @gilmanc for the feedback, good to know! Never used iframe for a dashboard before. I hope you'll figure it out why it doesn't work.