Solved: Re: X-Frame-Options - remove deny, set sameorigin

darioapis · ‎02-19-2019

Hi, my problem is explained in the heading. I need to remove X-Frame-Options: deny from the HTTP header and change it to sameorigin. Possible it is in web.conf. Any help is advisable.

chrisyounger · ‎02-19-2019

You can't set it to sameorigin. You can only remove the header all together as you have seen by changing web.conf and setting x_frame_options_sameorigin = false. This will mean you can then embed Splunk in a frame if you want.

If it is important that you set the header to be sameorigin then you would need to use something like a nginx proxy over the top of Splunk. (fairly easy to do)

View solution in original post

chrisyounger · ‎02-19-2019

You can't set it to sameorigin. You can only remove the header all together as you have seen by changing web.conf and setting x_frame_options_sameorigin = false. This will mean you can then embed Splunk in a frame if you want.

If it is important that you set the header to be sameorigin then you would need to use something like a nginx proxy over the top of Splunk. (fairly easy to do)

X-Frame-Options - remove deny, set sameorigin

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio