DavidFW1960
(David Williams)
September 25, 2018, 12:12am
1
Hi there,
I’m getting an error trying to use Portainer in an iFrame.
In chrome it’s just blank but in Edge I get this error displayed:
I also think it’s something to do with the x-frame-options detailed here: Allow disable X-Frame-Options: deny dashboard response header · Issue #2279 · portainer/portainer · GitHub
My Caddyfile looks like this:
my-domain.duckdns.org {
header / {
Strict-Transport-Security "max-age=31536000; includeSubdomains"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
Referrer-Policy "same-origin"
}
proxy / localhost:8123 {
websocket
transparent
}
}
portainer.my-domain.duckdns.org {
proxy / localhost:9000 {
websocket
transparent
}
}
I can load portainer via https://portainer.my-domain.duckdns.org :xxxxx just not in a frame.
Anyone have a suggestion?
Whitestrake
(Matthew Fay)
September 25, 2018, 12:26am
2
Yeah, the X-Frame-Options
header will cause that issue, but I don’t think it’s your header that’s doing it. It’s the one coming from Portainer itself, which you’re proxying to.
From the linked issue, it looks like Portainer sends X-Frame-Options: deny
, which completely disallows iframes. The suggestion is made to use proxy_hide_header X-Frame-Options;
, for which Caddy has an equivalent you can add to your proxy directive for Portainer: header_downstream -X-Frame-Options
.
https://caddyserver.com/docs/proxy
DavidFW1960
(David Williams)
September 25, 2018, 12:32am
3
Are you able to show me how to do that? Looked at the doc but it’s not clear to me what I should do.
Whitestrake
(Matthew Fay)
September 25, 2018, 12:34am
4
Have a look at the advanced syntax section, where it shows the form of the directive with the braced block ( {
and }
) and the subdirectives inside.
header_downstream
is one of the subdirectives listed there. Put it inside the brace block, similarly to the subdirectives in the examples:
https://caddyserver.com/docs/proxy#examples
1 Like
DavidFW1960
(David Williams)
September 25, 2018, 12:39am
5
So…
my-domain.duckdns.org {
header / {
Strict-Transport-Security "max-age=31536000; includeSubdomains"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
Referrer-Policy "same-origin"
}
proxy / localhost:8123 {
websocket
transparent
}
}
portainer.my-domain.duckdns.org {
proxy / localhost:9000 {
websocket
transparent
header_downstream -X-Frame-Options
}
}
Is that all or is it in the right place?
EDIT: OK I did that and it fixed it.
Looks good to me, give it a shot and see what happens.
system
(system)
Closed
December 24, 2018, 2:36am
7
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.