manual:installation:requirements:best_practices

Differences

manual:installation:requirements:best_practices [2021/03/17 14:40]
marinagen [ZBX-18006] Correct HTTP to HTTPS redirect for virtual host
manual:installation:requirements:best_practices [2021/04/08 13:34] (current)
martins-v screens/slideshows replaced by dashboards (ZBXNEXT-6288/6309)
Line 171: Line 171:
 By default, Zabbix is configured with //​X-Frame-Options HTTP response header// set to ''​SAMEORIGIN'',​ meaning that content can only be loaded in a frame that has the same origin as the page itself. By default, Zabbix is configured with //​X-Frame-Options HTTP response header// set to ''​SAMEORIGIN'',​ meaning that content can only be loaded in a frame that has the same origin as the page itself.
  
-Zabbix frontend elements that pull content from external URLs (namely, the URL [[:​manual/​web_interface/​frontend_sections/​monitoring/​dashboard/​widgets#​url|dashboard widget]]/​[[:​manual/​config/​visualization/​screens/​elements#​url|screen element]]) display retrieved content in a sandbox with all sandboxing restrictions enabled. ​+Zabbix frontend elements that pull content from external URLs (namely, the URL [[:​manual/​web_interface/​frontend_sections/​monitoring/​dashboard/​widgets#​url|dashboard widget]]) display retrieved content in a sandbox with all sandboxing restrictions enabled. ​
  
 These settings enhance the security of the Zabbix frontend and provide protection against XSS and clickjacking attacks. Super Admins can [[:​manual/​web_interface/​frontend_sections/​administration/​general#​security|modify]] //iframe sandboxing//​ and //​X-Frame-Options HTTP response header// parameters as needed. Please carefully weigh the risks and benefits before changing default settings. Turning sandboxing or X-Frame-Options off completely is not recommended. These settings enhance the security of the Zabbix frontend and provide protection against XSS and clickjacking attacks. Super Admins can [[:​manual/​web_interface/​frontend_sections/​administration/​general#​security|modify]] //iframe sandboxing//​ and //​X-Frame-Options HTTP response header// parameters as needed. Please carefully weigh the risks and benefits before changing default settings. Turning sandboxing or X-Frame-Options off completely is not recommended.
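Review bot: In the changed sentence, the subject is still plural ("Zabbix frontend elements that pull content from external URLs") while the parenthetical now names a single item ("namely, the URL dashboard widget"), so the sentence reads as if a list was cut short. Suggest naming the widget directly, for example "The URL dashboard widget displays retrieved content in a sandbox with all sandboxing restrictions enabled." If the plural is kept deliberately because other elements may embed external URLs, replace "namely" with "such as" so the text does not imply the widget is the only sandboxed element.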