I'm having trouble embedding views and dashboards in iframes on external
pages.
https://checkmk.com/cms_views.html says "Since every view is accessible via
a URL you can also embed these in other websites, for example via an
<iframe>."
However this simply isn't working for us. In Firefox we get the following
message: "Blocked by Content Security Policy. This page has a content
security policy that prevents it from being loaded in this way." It does
this with the most basic HTML iframe page possible.
This is presumably coming from an X-Frame-Options or Content Security
Policy header inside CheckMK, but I've been unable to find any way of
altering those headers. We've tried every possible combination of HTTP and
HTTPS (e.g. https only, https forced redirect, etc, plain http) in case
that had an affect.
Iâm having trouble embedding views and dashboards in iframes on external pages.
https://checkmk.com/cms_views.html says âSince every view is accessible via a URL you can also embed these in other websites, for example via an
However this simply isnât working for us. In Firefox we get the following message: âBlocked by Content Security Policy. This page has a content security policy that prevents it from being loaded in this way.â It does this with the most basic HTML iframe page
possible.
This is presumably coming from an X-Frame-Options or Content Security Policy header inside CheckMK, but Iâve been unable to find any way of altering those headers. Weâve tried every possible combination of HTTP and HTTPS (e.g. https only, https forced redirect,
etc, plain http) in case that had an affect.
Thanks Rich! Updating the particular line you specified didnât work, but you pointed me to the right file and from there I was able to comment out all the Content-Security-Policy lines and that was enough to get the iframe we needed working. I will go back and add in/tweak policies to get it to the proper secure configuration.