Announcement

Collapse
No announcement yet.

Cant load zabbix pages in iframe anymore

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

    Cant load zabbix pages in iframe anymore

    Hi Guys,

    We are using zabbix for a few years now. In our welcome hall we have a big screen with some rotated slides containing information about our it infrastructure. One of the slides contained an Iframe in which we loaded a specific zabbix screen.

    This always worked perfect till recently when we updated to the latest version of zabbix. Since then is not possible to load any zabbix page in an iframe. The iframes stay blank :'-(

    I've been searching if could find something add like SAMEORIGIN, X-FRAME-OPTIONS, CSP, ALLOW FROM, etc But i could not find anything that possible could have been added in one of the latest updates. I can't find also nothing about it in the releasenotes/changelogs.

    Does any one know if zabbix added this as a new security feature or maybe changed something in the httpd configuration? It there a way to get this fixed (or disabled)?

    Thanks in advance

    #2
    We use also a Frameset, at the top area Zabbix, at the buttom a newsticker and clock... since 3.4.4 zabbix sends a X-Frame Header....

    you can commant out the Line 131 in /usr/share/zabbix/include/page_header.php

    PHP Code:
    header('X-Frame-Options: '.$x_frame_options); 
    but it is removed on every update, not so cool methode...

    better:
    you can use Addons in the Browser to ignore X-Frame Header

    for Chrome use: https://chrome.google.com/webstore/d...kamfmkohkpodhe

    works fine for us

    Comment


      #3
      But why? And how it can be unset via zabbix interface or config files?
      It is not cool at all...

      Comment


        #4
        https://www.zabbix.com/documentation...e_zabbix_setup

        Comment


          #5
          For reasons please see also https://support.zabbix.com/browse/ZBX-13133.

          Instead of commenting out line 131 in includes/page_header.php, it is better to change the value of X_FRAME_OPTIONS. Please take a look at section "HTTP headers" in include/defines.inc.php.

          Comment

          Working...
          X