Enable X-Frame-Options

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
SETR
Posts: 45
Joined: Mon Jan 30, 2017 4:10 pm

Enable X-Frame-Options

Post by SETR »

Hello Support,

We are trying to integrate Nagios Web GUI into our custom site but we get the following error:

The content cannot be displayed in a frame. To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame.

Anyway to disable this feature in Nagios to allow content display in a frame?

Regards,
Soumya
You do not have the required permissions to view the files attached to this post.
kyang

Re: Enable X-Frame-Options

Post by kyang »

Go to your home page of Nagios XI --> Admin --> System Settings --> "Security tab" --> Frame restrictions

Have you looked at this?
SETR
Posts: 45
Joined: Mon Jan 30, 2017 4:10 pm

Re: Enable X-Frame-Options

Post by SETR »

Hello Kyang,

Thank you for pointing me to the Security option. For some reason, adding our host to the security list does not work. Not sure if this is because we are using the web address. If we check disable it works but when we go to our site , the moment we navigate to the specific page where we have the frame, the page refreshes and takes us directly to our Nagiosxi portal instead of being shown under the frame. Any suggestions on how we can fix this?
kyang

Re: Enable X-Frame-Options

Post by kyang »

You would have to pass the full url with &username=nagiosadmin&ticket=whatever&req_frame_access=<ip> where ip is the server that is actually displaying the frame.

This has to match what was put in the allowed hosts in the security settings in XI.

The login page will break out of the frame if you are unauthenticated which is why you should login with the username and a ticket.
You can add specific hosts which require a ?req_frame_access=<host> GET or POST field set when placing a page into a frame not on the same origin and will keep the set frame name for the duration of the session.
From the security settings page.

Hope this helps!
SETR
Posts: 45
Joined: Mon Jan 30, 2017 4:10 pm

Re: Enable X-Frame-Options

Post by SETR »

What would be the ticket in my case? I am trying to incorporate the following address into a frame in Jira.

http://162.xx.xxx.xxx/nagiosxi/includes ... w=services
kyang

Re: Enable X-Frame-Options

Post by kyang »

The ticket is just for passing GET variables.
SETR
Posts: 45
Joined: Mon Jan 30, 2017 4:10 pm

Re: Enable X-Frame-Options

Post by SETR »

I just PM'ed you. Could you please check you Inbox?
kyang

Re: Enable X-Frame-Options

Post by kyang »

Received, and tested this out myself.

The URL works just fine when I tried it on incognito mode.

Code: Select all

192.168.4.125/nagiosxi/includes/components/xicore/status.php?show=services&username=nagiosadmin&ticket=PbnH4j5j&req_frame_access=<ip displaying>
SETR
Posts: 45
Joined: Mon Jan 30, 2017 4:10 pm

Re: Enable X-Frame-Options

Post by SETR »

The link does not work in a frame. Any other suggestions anyone?
npolovenko
Support Tech
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Re: Enable X-Frame-Options

Post by npolovenko »

Hello, @SETR. Did you mean that the whole Xframe doesn't work or you're being redirected to login page again? Can you try to add http:// before the ip address.

Code: Select all

http://192.168.4.125/nagiosxi/includes/components/xicore/status.php?show=services&username=nagiosadmin&ticket=PbnH4j5j&req_frame_access=<ip displaying>
If that doesn't work can you post the source code for your Xframe so I could test it?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Locked