DX Unified Infrastructure Management

We have been using an iframe for customer access to UMP to keep it grouped with other portals we publish. A while back browsers started enforcing stricter security to avoid clickjacking, and we had to configure UMP to permit it to be displayed in an iframe. It required manipulating these settings in portal-ext.properties to control the X-Frame-Options HTTP header:

http.header.x-frame-options.enabled=true
http.header.x-frame-options.whitelist.255.url=/
http.header.x-frame-options.whitelist.255.value=SAMEORIGIN
# http.header.x-frame-options.whitelist.0.url=/usm/jsp/standalone.jsp
# http.header.x-frame-options.whitelist.0.value=ALLOWALL

We now need to enable OC to work in an iframe. The portal-ext.properties file is gone, but we found conf/config.properties with roughly the same content. Adjusting these settings does not seem to help though. We found multiple sources online with explanations about how to set the X-Frame-Options header in Tomcat by updating web.xml (which we also found the conf/ directory), but we haven't been able to get our changes in that file to affect any results.

Is anyone successfully publishing OC in an iframe?

Thanks!

I would very much like an answer on this also. Trying to load published Operator Console published dashboards, but getting following problems

Original Message:
Sent: 01-20-2021 12:22 AM
From: Keith Kruepke
Subject: Access OC in iframe

We have been using an iframe for customer access to UMP to keep it grouped with other portals we publish. A while back browsers started enforcing stricter security to avoid clickjacking, and we had to configure UMP to permit it to be displayed in an iframe. It required manipulating these settings in portal-ext.properties to control the X-Frame-Options HTTP header:

http.header.x-frame-options.enabled=true
http.header.x-frame-options.whitelist.255.url=/
http.header.x-frame-options.whitelist.255.value=SAMEORIGIN
# http.header.x-frame-options.whitelist.0.url=/usm/jsp/standalone.jsp
# http.header.x-frame-options.whitelist.0.value=ALLOWALL

We now need to enable OC to work in an iframe. The portal-ext.properties file is gone, but we found conf/config.properties with roughly the same content. Adjusting these settings does not seem to help though. We found multiple sources online with explanations about how to set the X-Frame-Options header in Tomcat by updating web.xml (which we also found the conf/ directory), but we haven't been able to get our changes in that file to affect any results.

Is anyone successfully publishing OC in an iframe?

Thanks!

Hi Keith, Jan,

Defect DE517876

I've contacted Development for a response/answer.

I'll get back to you asap and also update this thread.

Steve

------------------------------
Support Engineer
Broadcom
US
------------------------------

Original Message:
Sent: 01-20-2021 12:22 AM
From: Keith Kruepke
Subject: Access OC in iframe

We have been using an iframe for customer access to UMP to keep it grouped with other portals we publish. A while back browsers started enforcing stricter security to avoid clickjacking, and we had to configure UMP to permit it to be displayed in an iframe. It required manipulating these settings in portal-ext.properties to control the X-Frame-Options HTTP header:

http.header.x-frame-options.enabled=true
http.header.x-frame-options.whitelist.255.url=/
http.header.x-frame-options.whitelist.255.value=SAMEORIGIN
# http.header.x-frame-options.whitelist.0.url=/usm/jsp/standalone.jsp
# http.header.x-frame-options.whitelist.0.value=ALLOWALL

We now need to enable OC to work in an iframe. The portal-ext.properties file is gone, but we found conf/config.properties with roughly the same content. Adjusting these settings does not seem to help though. We found multiple sources online with explanations about how to set the X-Frame-Options header in Tomcat by updating web.xml (which we also found the conf/ directory), but we haven't been able to get our changes in that file to affect any results.

Is anyone successfully publishing OC in an iframe?

Thanks!