I'm having trouble getting this working in 6.5.0. I used this exact snippet from another question about iframes where they did get it working:
<dashboard>
<label>Test</label>
<row>
<html>
<h2>Embedded Web Page!</h2>
<iframe src="http://www.splunk.com" width="100%" height="300" style="border:none;">></iframe>
</html>
</row>
</dashboard>
But what I see is:
Any thoughts on why the iframe wouldn't be displaying?
The problem that you are having is that recently Splunk has added some settings to control this type of content and defaulted dashboard_html_allow_embeddable_content
to false
. In order to get it to work, try enabling these settings in web.conf
:
dashboard_html_allow_inline_styles = <boolean>
* Whether or not to allow style attributes from inline HTML elements in dashboards.
* If "false", style attributes from inline HTML elements in dashboards will be removed
to prevent potential attacks.
* Default: true
dashboard_html_allow_embeddable_content = <boolean>
* Whether or not to allow <embed> and <iframe> HTML elements in dashboards.
* If set to "true", <embed> and <iframe> HTML elements in dashboards will not be removed
and can lead to a potential security risk.
* If set to the default value of "false", <embed> and <iframe> HTML elements will be stripped
from the dashboard HTML.
* Default: false
dashboard_html_wrap_embed = <boolean>
* Whether or not to wrap <embed> HTML elements in dashboards with an <iframe>.
* If set to "false", <embed> HTML elements in dashboards will not be wrapped, leading to
a potential security risk.
* If set to "true", <embed> HTML elements will be wrapped by an <iframe sandbox> element to help
mitigate potential security risks.
* Default: true
dashboard_html_allow_iframes = <boolean>
* Whether or not to allow iframes from HTML elements in dashboards.
* If "false", iframes from HTML elements in dashboards will be removed to prevent
potential attacks.
* Default: true
I tried this in Splunk 8.0.6, but that did not work, I change this in system/local/web.conf n server.conf and also app/lical
try this, in your web.conf add these
[settings]
dashboard_html_allow_embeddable_content = true
dashboard_html_allowed_domains = <domain-name> (for. eg--> *.youtube.com)
Tried this , but no luck.....I see same error x-frame-options set to sameorigin
It's splunk 8.0.6
can you please share the code, which you are trying
This is something I tried
Web.conf--
dashboard_html_allow_inline_styles = true
dashboard_html_allow_embeddable_content= true
dashboard_html_allow_embeddable_content=true
dashboard_html_wrap_embed=true
dashboard_html_allow_iframes=true
dashboard_html_allowed_domains = https://youtube.com
replace "https://youtube.com" with *.youtube.com
It should work then
did not make any difference, I know this was work when doing this in splunk 8.1 but my splunk 8.0.6, it's still shown
X-frame-options to sameorigin
did you try setting this to 'false' in web.conf ?
x_frame_options_sameorigin = <boolean> * adds a X-Frame-Options header set to "SAMEORIGIN" to every response served * by cherrypy * Default: true
Yes I tried that as well..
One curious thing....I see few of the example working fine like -https://intellectualpoint.com ...but when tried for https://tableau.com that did not work and I see same errror
I was having the same issue and I opened a support ticket with Splunk. iframe does work in 6.5.x but in the example (which has an extra ">") it is using http://www.splunk.com in which Splunk's support informed me prevents anyone from embedding their website inside an iframe (google does the same as well). There is a useful site to help see if a site allows being embedded in an iframe (which is related to "X-Frame-Options" header but apparently not the only way to stop it):
http://www.tinywebgallery.com/blog/advanced-iframe/free-iframe-checker
Try this code instead:
<dashboard>
<row>
<panel>
<title>Test iframe</title>
<html>
<iframe src="https://www.cloudera.com" width="100%" height="300" style="border:none;"></iframe>
</html>
</panel>
</row>
</dashboard>