Page 1 of 2
Enable X-Frame-Options
Posted: Fri Oct 13, 2017 4:29 pm
by SETR
Hello Support,
We are trying to integrate Nagios Web GUI into our custom site but we get the following error:
The content cannot be displayed in a frame. To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame.
Anyway to disable this feature in Nagios to allow content display in a frame?
Regards,
Soumya
Re: Enable X-Frame-Options
Posted: Mon Oct 16, 2017 9:32 am
by kyang
Go to your home page of Nagios XI --> Admin --> System Settings --> "Security tab" --> Frame restrictions
Have you looked at this?
Re: Enable X-Frame-Options
Posted: Mon Oct 16, 2017 2:16 pm
by SETR
Hello Kyang,
Thank you for pointing me to the Security option. For some reason, adding our host to the security list does not work. Not sure if this is because we are using the web address. If we check disable it works but when we go to our site , the moment we navigate to the specific page where we have the frame, the page refreshes and takes us directly to our Nagiosxi portal instead of being shown under the frame. Any suggestions on how we can fix this?
Re: Enable X-Frame-Options
Posted: Mon Oct 16, 2017 2:36 pm
by kyang
You would have to pass the full url with &username=nagiosadmin&ticket=whatever&req_frame_access=<ip> where ip is the server that is actually displaying the frame.
This has to match what was put in the allowed hosts in the security settings in XI.
The login page will break out of the frame if you are unauthenticated which is why you should login with the username and a ticket.
You can add specific hosts which require a ?req_frame_access=<host> GET or POST field set when placing a page into a frame not on the same origin and will keep the set frame name for the duration of the session.
From the security settings page.
Hope this helps!
Re: Enable X-Frame-Options
Posted: Tue Oct 17, 2017 10:16 am
by SETR
What would be the ticket in my case? I am trying to incorporate the following address into a frame in Jira.
http://162.xx.xxx.xxx/nagiosxi/includes ... w=services
Re: Enable X-Frame-Options
Posted: Tue Oct 17, 2017 11:02 am
by kyang
The ticket is just for passing GET variables.
Re: Enable X-Frame-Options
Posted: Tue Oct 17, 2017 11:36 am
by SETR
I just PM'ed you. Could you please check you Inbox?
Re: Enable X-Frame-Options
Posted: Tue Oct 17, 2017 1:52 pm
by kyang
Received, and tested this out myself.
The URL works just fine when I tried it on incognito mode.
Code: Select all
192.168.4.125/nagiosxi/includes/components/xicore/status.php?show=services&username=nagiosadmin&ticket=PbnH4j5j&req_frame_access=<ip displaying>
Re: Enable X-Frame-Options
Posted: Mon Oct 23, 2017 7:13 am
by SETR
The link does not work in a frame. Any other suggestions anyone?
Re: Enable X-Frame-Options
Posted: Mon Oct 23, 2017 1:36 pm
by npolovenko
Hello,
@SETR. Did you mean that the whole Xframe doesn't work or you're being redirected to login page again? Can you try to add http:// before the ip address.
Code: Select all
http://192.168.4.125/nagiosxi/includes/components/xicore/status.php?show=services&username=nagiosadmin&ticket=PbnH4j5j&req_frame_access=<ip displaying>
If that doesn't work can you post the source code for your Xframe so I could test it?