DX Application Performance Management

  • Private Community

  • 1.  Unable to embed CEM content in Sharepoint Content/Frame

    Posted May 25, 2015 10:37 AM
      |   view attached

    Problem statement

    Unable to display CEM content Dashboard/Reports in Sharepoint frame

     

    Executing a link, for example:

    http://<MOM>:8081/wily/cem/tess/app/biz/tranPerformanceReport.html

     

    Result

    "...Publisher of this content does not allow it to be displayed in a frame (see attachement)

     

    Solutions

    Sharepoint 2010

    APM 9.7

     

    If allowed, what\where do we change the Jetty Webserver configuration?

     

    Any other suggestions are welcome

     

    Regards,

     

    Christo

    Attachment(s)

    docx
    Launch CEM Dashboards Frame Issue.docx   26 KB 1 version


  • 2.  Re: Unable to embed CEM content in Sharepoint Content/Frame

    Broadcom Employee
    Posted May 26, 2015 12:53 PM

    Hi Christo,

     

    you can change the property introscope.enterprisemanager.webserver.jetty.configurationFile in IntroscopeEnterpriseManager.properties to point to a custom jetty config file. Use em-jetty-config.xml in <EM>/config as base for your changes.

     

    Unfortunately I can't tell you what you have to change.

     

    Ciao,

    Guenter



  • 3.  Re: Unable to embed CEM content in Sharepoint Content/Frame
    Best Answer

    Posted May 28, 2015 12:56 PM

    Hi Guenter, Thank you for pointing us in the right direction,

     

    We are pursuing a setting - XFRAME_OPTIONS_DEFAULT=DENY/SAMEORIGIN but still to be confirmed how to apply it in APM Web Server

     

    Regards,

     

    Christo



  • 4.  Re: Unable to embed CEM content in Sharepoint Content/Frame

    Broadcom Employee
    Posted May 28, 2015 01:17 PM

    Hi Christo,

     

    the setting is probably hidden deep in one of the EM plugins. The easier way might be to route the request through an Apache and remove the header as described in iframe - Overcoming "Display forbidden by X-Frame-Options" - Stack Overflow:


    Or you can edit .htaccess if you want to remove X-Frame-Options from an entire directory. Just add the line: Header always unset X-Frame-Options

     

    There's also a javascript workaround on that page.

     

    Ciao,

    Guenter



  • 5.  Re: Unable to embed CEM content in Sharepoint Content/Frame

    Posted Jun 01, 2015 05:47 AM

    Hi Guenter,

     

       I will follow up on the options mentioned and feedback soon

     

    Once again, thank you

     

    Regards,

     

    Christo



  • 6.  Re: Unable to embed CEM content in Sharepoint Content/Frame

    Posted Jun 12, 2015 09:45 AM

    a Change was required in web.xml file located in com.wily.apm.tess_<version>.jar file HOWEVER do not implement this in Production - it will, apparently, expose you to ClickJacking!!



  • 7.  Re: Unable to embed CEM content in Sharepoint Content/Frame

    Broadcom Employee
    Posted Jun 13, 2015 03:13 AM

    Hi Christo,

     

    glad to hear you got it working . Unless the SharePoint page is exposed to the public Internet ClickJacking should not be a problem.

     

    Here is a link: Clickjacking Defense Cheat Sheet - OWASP. Did you remove the X-Frame-Options header completely or set it to ALLOW-FROM uri? That only works on IE9+ and FF18+

     

    Ciao,

    Guenter