Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join the Fabric FabCon Global Hackathon—running virtually through Nov 3. Open to all skill levels. $10,000 in prizes! Register now.

Reply
vlemon
Frequent Visitor

Power BI On Premise Report Server X-Frame-Options

‎02-19-2021 01:19 AM

Hi,

We are trying to access parent HTML elements using Custom Visualization but cannot access them because X-Frame-Options security.

We tried to add Content-Security-Policy in the web config file available at the following location, but it is not working any suggestion.

C:\Program Files\Microsoft Power BI Report Server\PBIRS\ReportServer

Message 1 of 3
2,232 Views
0
2 REPLIES 2
jwu
New Member

‎05-02-2022 02:14 PM

As what I observed, the on-premises PBI version and SSRS 2016+ version have this response header (X-Frame-Options) added on. However, the PBI.com does not have the same header. On the other hand, the older SSRS version 2014 or earlier do not have the same header. If it is the security concern, it should apply across the versions. Also, AD FS 2019 is still allowing to remove the header (https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/customize-http-security-he...). I need to know how to remove the header for on-premises PBI and SSRS 2019 since we are hosting them internally and locked down all the securities. Any help will be appreciated.

Message 3 of 3
1,945 Views
0
d_gosbell
Super User
Super User

‎02-21-2021 08:28 PM

This is by design. Custom visuals run inside a restricted "sandbox" and they are not allowed to interact with any of the parent html elements

Message 2 of 3
2,166 Views

Helpful resources

Announcements
September Power BI Update Carousel

Power BI Monthly Update - September 2025

Check out the September 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All