How to change x-frame-options header to samesite

Martin Tuithof

May 16, 2023, 2:35:35 AM
to Wazuh mailing list
Hi,

I would like to share my dashboard on another website, but it keeps saying:

To protect your security will not allow Firefox to display the page if another site has embedded it. To see this page, you need to open it in a new window.

Is there any workaround for it?

Thanks in advance!

Antonio David Gutiérrez

May 16, 2023, 3:06:48 AM
to Wazuh mailing list
Hi Martin,

The recent Wazuh plugin sets the x-frame-options header to sameorigin in the response of the Wazuh dashboard or Kibana, and this could be affecting all the responses of the server. Maybe this is why you cannot share the dashboard on another website. You could try changing the value defined by the Wazuh plugin and see if this works.

The file that contains the definition of the x-frame-options response header is:

- Wazuh dashboard: /usr/share/wazuh-dashboard/plugins/wazuh/server/plugin.ts
- Kibana: /usr/share/kibana/plugins/wazuh/server/plugin.ts

You have to search in this file for the response header definition that should look like this:

    core.http.registerOnPreResponse((request, response, toolkit) => {
      const additionalHeaders = {
        'x-frame-options': 'sameorigin'
      };
      return toolkit.next({
        headers: additionalHeaders
      });
    });

Follow these steps:
1. Stop the Wazuh dashboard or Kibana server
2. Take a backup of the specified file to edit
3. Edit the value of the x-frame-options header definition in the specified file to the desired value
4. Restart the Wazuh dashboard or Kibana server

Note that if you replace or upgrade the Wazuh plugin, this change will be lost, so you may have to apply it to the new plugin again.

Martin Tuithof

May 16, 2023, 4:41:25 AM
to Wazuh mailing list
Thanks, it's working now!
I changed the value to ALLOW-FROM

On Tuesday, May 16, 2023 at 09:06:48 UTC+2, Antonio David Gutiérrez wrote:
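
An added example, not part of the thread and not Wazuh project code: current browsers ignore the obsolete ALLOW-FROM value of X-Frame-Options, which leaves the page frameable from any site, and the per-origin control is the Content-Security-Policy frame-ancestors directive. The sketch builds such headers for the additionalHeaders object shown above and models the browser's decision, following the X-Frame-Options check in the HTML Standard; the function names and the example.com origins are assumptions.

```javascript
// Added example; function names and example.com/.net origins are constructed.
// Headers that let only the listed HTTPS origins embed the dashboard.
function framingHeaders(allowedOrigins) {
  const sources = allowedOrigins.map((o) => {
    const u = new URL(o); // throws on malformed input such as '*'
    if (u.protocol !== 'https:' || u.origin !== o) {
      throw new Error(`not a bare https origin: ${o}`);
    }
    return u.origin;
  });
  return {
    'content-security-policy': ["frame-ancestors 'self'", ...sources].join(' '),
    // Fallback for clients that do not implement frame-ancestors.
    'x-frame-options': 'sameorigin',
  };
}

// Simplified model of the browser's decision for a page served from `own`
// and framed directly by `embedder`. Source matching is exact-origin only.
function mayBeFramedBy(headers, embedder, own) {
  const csp = headers['content-security-policy'] || '';
  const fa = csp.split(';').map((d) => d.trim().split(/\s+/))
    .find((d) => d[0].toLowerCase() === 'frame-ancestors');
  if (fa) { // frame-ancestors present: X-Frame-Options is not consulted
    return fa.slice(1).some((s) => s === '*' || s === embedder ||
      (s === "'self'" && embedder === own));
  }
  const xfo = [...new Set((headers['x-frame-options'] || '').split(',')
    .map((v) => v.trim().toLowerCase()).filter(Boolean))];
  const known = ['deny', 'sameorigin', 'allowall'];
  if (xfo.length > 1 && xfo.some((v) => known.includes(v))) return false;
  if (xfo[0] === 'deny') return false;
  if (xfo[0] === 'sameorigin') return embedder === own;
  return true; // header absent or value unrecognised (ALLOW-FROM): no restriction
}

const OWN = 'https://wazuh.example.com';
const PORTAL = 'https://portal.example.com';
const OTHER = 'https://other.example.net';
function demo() {
  const legacy = { 'x-frame-options': `ALLOW-FROM ${PORTAL}` };
  const scoped = framingHeaders([PORTAL]);
  return {
    legacyPortal: mayBeFramedBy(legacy, PORTAL, OWN),
    legacyOther: mayBeFramedBy(legacy, OTHER, OWN), // header ignored
    scopedPortal: mayBeFramedBy(scoped, PORTAL, OWN),
    scopedOther: mayBeFramedBy(scoped, OTHER, OWN),
  };
}
console.log(demo());
```

The object returned by framingHeaders can stand in for additionalHeaders in the registerOnPreResponse handler; as with the manual edit, a plugin upgrade overwrites it.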