1. Re: How to configure x-frame option in TSPS?
Betty Neumann, Aug 8, 2019 8:06 AM (in response to Akshata Shelke)
Akshata, I have an older use case where others were trying to use X-Frame within TSPS. This is not recommended.
In the use case, an attempt to embed a TSPS dashboard in an external dashboard resulted in the following error:
Refused to display 'https://mytspsurl.com/#/dashboard/89' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
Is there a setting that will allow us to work around this issue?
Use-case scenario: Part of a pilot for demonstrating value driven by our tools, the request is to aggregate dashboards from our tools into a single screen, a one-stop shop for mission-critical data across tools.
There are attempts to embed the entire TSPS application screen in an iframe, however, this option does not seem to be working with TrueSight.
From a BMC standpoint, this cannot be supported. Researching the issue shows that allowing the embedded frames is not good and may cause a clickjack security issue. So it is not supported and not recommended by BMC.
However, there is a way to do this based on the details below:
https://stackoverflow.com/questions/27358966/how-to-set-x-frame-options-on-iframe
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.
The solution is to install a browser plugin. Again, this is not recommended by BMC as it will pose security risks.
A web site which issues HTTP Header X-Frame-Options with a value of DENY (or SAMEORIGIN with a different server origin) cannot be integrated into
an IFRAME... unless you change this behavior by installing a Browser plugin which ignores the X-Frame-Options Header (e.g. Chrome's Ignore
X-Frame Headers - https://chrome.google.com/webstore/detail/ignore-x-frame-headers/gleekbfjekiniecknbkamfmkohkpodhe).
Note that this is not recommended at all for security reasons. BMC will not support this configuration so it should not be used. The purpose of this Knowledge Article is to explain the issue and why it is not wise to use this type of embedded dashboard configuration.
So while the scenarios are a bit different, the non-support of X-Frame options remains. It is not recommended and not supported.
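How a browser applies the framing headers described in the reply above, as an added example (not part of the original post and not BMC code). The embedding origin https://portal.example is a constructed value; only one parent frame and exact-origin frame-ancestors sources are modelled.

```javascript
// Added example: models one embedding page (parent) and one framed response.
// Browsers check every ancestor frame; a single parent is assumed here.
function framingDecision(headers, framedUrl, parentOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const selfOrigin = new URL(framedUrl).origin;

  // CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
  const csp = h["content-security-policy"] || "";
  const directive = csp.split(";").map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === "frame-ancestors");
  if (directive) {
    const sources = directive.slice(1);
    const ok = sources.some(s => {
      if (s === "'none'") return false;
      if (s === "'self'") return parentOrigin === selfOrigin;
      // Simplification: only exact scheme://host[:port] sources are matched.
      try { return new URL(s).origin === parentOrigin; } catch { return false; }
    });
    return { allowed: ok, reason: "frame-ancestors " + sources.join(" ") };
  }

  const xfo = (h["x-frame-options"] || "").trim().toLowerCase();
  if (xfo === "deny") return { allowed: false, reason: "X-Frame-Options: deny" };
  if (xfo === "sameorigin") {
    return { allowed: parentOrigin === selfOrigin, reason: "X-Frame-Options: sameorigin" };
  }
  // No header, or a value current browsers do not enforce (e.g. ALLOW-FROM).
  return { allowed: true, reason: "no framing restriction" };
}

// The case from the error message: dashboard framed by a different origin.
const dashboard = "https://mytspsurl.com/#/dashboard/89";
console.log(framingDecision({ "X-Frame-Options": "sameorigin" },
  dashboard, "https://portal.example")); // constructed parent origin
```

The decision is made from the framed site's response headers, which is why the embedding page cannot change the outcome from its own markup.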