Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
Hi,
We are trying to access parent HTML elements using Custom Visualization but cannot access them because X-Frame-Options security.
We tried to add Content-Security-Policy in the web config file available at the following location, but it is not working any suggestion.
C:\Program Files\Microsoft Power BI Report Server\PBIRS\ReportServer
As what I observed, the on-premises PBI version and SSRS 2016+ version have this response header (X-Frame-Options) added on. However, the PBI.com does not have the same header. On the other hand, the older SSRS version 2014 or earlier do not have the same header. If it is the security concern, it should apply across the versions. Also, AD FS 2019 is still allowing to remove the header (https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/customize-http-security-he...). I need to know how to remove the header for on-premises PBI and SSRS 2019 since we are hosting them internally and locked down all the securities. Any help will be appreciated.
This is by design. Custom visuals run inside a restricted "sandbox" and they are not allowed to interact with any of the parent html elements
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.
User | Count |
---|---|
15 | |
7 | |
5 | |
3 | |
3 |