KB439549:How to Set the X-Frame-Options to Load a Dossier Dashboard from a different Application Server using MicroStrategy Embedding SDK 10.10

• Strategy

Unable to Load a Dossier Dashboard Using MicroStrategy Embedding SDK 10.10

Starting with the release of Strategy ONE (March 2024), dossiers are also known as dashboards.
SYMPTOM:
After following the Embedding API Quick Start Guide the Dossier dashboard does not load as expected and the following error is seen in the browser's console log:

CAUSE:
This is issue occurs if the sample is not deployed in the same application server running the Strategy Library application. The

X-Frame-Options

HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object> . Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. For more details regarding X-Frame-Options refer to:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
SOLUTION:
If the sample is deployed on a different application server other than the one running the Strategy Library application, additional configuration must be performed. By default, the HTTP header X-Frame-Options in StrategyLibrary is set to SAMEORIGIN. The following steps show how to change that default behavior:

On the machine where StrategyLibrary is installed go to StrategyLibrary\WEB-INF\classes\config.
Open the file security_headers-index.properties in a text editor to edit it.
Notice that the first line says X-Frame-Options=SAMEORIGIN.
In a new line enter the following Content-Security-Policy=frame-ancestors http://domain
Save the file and restart you application server.

The example provided in this document is provided “as-is” and user has read the following customization warning:
ADDITIONAL INFORMATION:
The Strategy SDK allows you to customize several Strategy products and extend and integrate the Strategy business intelligence functionality into other applications. However, before changing the way Strategy products look or behave, it is helpful to understand how the application is built. For more information regarding the Strategy products or the process of customizing Strategy products, please refer to Strategy Developer Zone (https://developer.microstrategy.com).
To access the Strategy Developer Zone, you must have access to the Strategy Knowledge Base, you must have purchased the Strategy SDK, and you must be current on your Strategy maintenance agreement. If you are a US-based business and believe that you satisfy all three of these conditions but you do not have access to the Strategy Developer Zone, please contact Strategy Technical Support at support@microstrategy.com or at (703) 848-8700. If you are an international business, please contact Strategy Technical Support at the appropriate email address or phone number found at https://www.microstrategy.com/us/services/support/contact.
CUSTOMIZATION WARNING:
This customization is provided as a convenience to Strategy users and is only directly applicable to the version stated. While this code may apply to other releases directly, Strategy Technical Support makes no guarantees that the code provided will apply to any future or previous builds. In the event of a code change in future builds, Strategy Technical Support makes no guarantee that an updated version of this particular customization will be provided. In the event of a code change in future builds, Strategy may not be able to provide additional code on this matter even though this customization is provided at this time for this specific build. For enhancements to this customization or to incorporate similar functionality into other versions, contact your Account Executive to inquire about Strategy Consulting assistance. 000039549 KB439549

Comment

0 comments

Details

Knowledge Article

Published:

January 29, 2018

Last Updated:

March 21, 2024