Hi,
We are trying to access parent HTML elements using a custom visualization but cannot access them because of X-Frame-Options security.
We tried to add Content-Security-Policy in the web config file available at the following location, but it is not working. Any suggestions?
C:\Program Files\Microsoft Power BI Report Server\PBIRS\ReportServer
From what I observed, the on-premises PBI version and SSRS 2016+ versions have this response header (X-Frame-Options) added. However, PBI.com does not have the same header. On the other hand, the older SSRS versions, 2014 or earlier, do not have the same header. If it is a security concern, it should apply across the versions. Also, AD FS 2019 still allows removing the header (https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/customize-http-security-he...). I need to know how to remove the header for on-premises PBI and SSRS 2019 since we are hosting them internally and have locked down all the security. Any help will be appreciated.
This is by design. Custom visuals run inside a restricted "sandbox" and they are not allowed to interact with any of the parent HTML elements.