Hi,
I’ve got this working. You need to edit the line:
Header
always append Content-Security-Policy "frame-ancestors ‘self’
to be like this:
Header
always append Content-Security-Policy “frame-ancestors ‘self’ <parent_site_url>”
e.g for my Grafana test instance I have:
Header
always append Content-Security-Policy “frame-ancestors ‘self’ http://192.168.0.204:3000”
The file you’re looking for is:
/opt/omd/sites//etc/apache/conf.d/security.conf
You need to restart OMD afterwards.
Cheers,
Rich
···
From: checkmk-en checkmk-en-bounces@lists.mathias-kettner.de on behalf of Michael Sauder michael.sauder@gmail.com
Sent: 31 October 2019 19:32
To: checkmk-en@lists.mathias-kettner.de
Subject: [Check_mk (english)] Views and dashboards in external iframes
I’m having trouble embedding views and dashboards in iframes on external pages.
https://checkmk.com/cms_views.html says “Since every view is accessible via a URL you can also embed these in other websites, for example via an
However this simply isn’t working for us. In Firefox we get the following message: “Blocked by Content Security Policy. This page has a content security policy that prevents it from being loaded in this way.” It does this with the most basic HTML iframe page
possible.
This is presumably coming from an X-Frame-Options or Content Security Policy header inside CheckMK, but I’ve been unable to find any way of altering those headers. We’ve tried every possible combination of HTTP and HTTPS (e.g. https only, https forced redirect,
etc, plain http) in case that had an affect.
Running CEE 1.6.0 VM appliance.
Any ideas?
Thanks,
Michael