I'm trying to set up a screen in our office to display the Jenkins dashboard and the state of all our pipelines. This is an HTML page with an iframe for Jenkins, as the same page displays status for other tools as well. For the Jenkins view, I'm getting:
```
The loading of “http://foobar.local/view/main_dashboard/” in a frame is denied by “X-Frame-Options“ directive set to “sameorigin“.
```

due to `X-Frame-Options sameorigin` being set by the server. I want to disable sameorigin checks for a specific IP address in our LAN, as our internal Jenkins instance is not accessible over the internet.

Things I've tried include:

* Adding `jenkins.security.FrameOptionsPageDecorator.enabled=false` into Jenkins cmd params, as documented in the [system properties manual](https://www.jenkins.io/doc/book/managing/system-properties/). This didn't do anything.
* Installing [cors-filter](https://plugins.jenkins.io/cors-filter/) and tweaking with its settings. No changes to the headers. I tried configuring the allowed origins with `http://x.x.x.x` (the IP) and `*` (allow all) for GET requests.
* Installing [xframe-filter](https://plugins.jenkins.io/xframe-filter-plugin/) and disabling sameorigin checks. Still a no go.
* I also tried rebooting Jenkins between the CMD argument changes and the plugin configurations.

I'm running Jenkins 2.277.4 with nginx proxy passing data into it without TLS, as this is an internal network.
Here's the relevant part of my nginx config:

```
location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
  # rewrite all static files into requests to the root
  # E.g /static/12345678/css/something.css will become /css/something.css
  rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
}

location /userContent {
  # have nginx handle all the static requests to userContent folder
  # note : This is the $JENKINS_HOME dir
  root /var/lib/jenkins/;
  if (!-f $request_filename){
    # this file does not exist, might be a directory or a /**view** url
    rewrite (.*) /$1 last;
    break;
  }
  sendfile on;
}

location / {
  sendfile off;
  proxy_pass http://jenkins;
  proxy_redirect default;
  proxy_http_version 1.1;

  # Required for Jenkins websocket agents
  proxy_set_header Connection $connection_upgrade;
  proxy_set_header Upgrade $http_upgrade;

  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_max_temp_file_size 0;

  #this is the maximum upload size
  client_max_body_size 10m;
  client_body_buffer_size 128k;

  proxy_connect_timeout 90;
  proxy_send_timeout 90;
  proxy_read_timeout 90;
  proxy_buffering off;
  proxy_request_buffering off; # Required for HTTP CLI commands
  proxy_set_header Connection ""; # Clear for keepalive
}
```

Any ideas where else I could investigate this?