Skip to Main Content

Analytics Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Embedding External Content in Dashboards Content Security Policy

Max JusticeJul 7 2022

Hi,
I'm looking for help to resolve an issue with Oracle Analytic Server's Presentation Service which allows users to view content from the dashboard embedded in an iframe.
My desired goal is to allow my "HomePage" to render the OAS dashboard inside Microsoft Edge (Chromium-based) in an iFrame without the following error:
"Refused to display 'ExternalDashboard' in a frame because it set 'frame-ancestor to 'self'"
I've updated the following files:
Oracle_Home/bi/file_templates/OBIPS/config/instanceconfig.xml
<Security>
<ContentSecurityPolicy>
<PolicyDirectives>
<Directive>
<Name>frame-src</Name>
<Value>*</Value>
</Directive>
<Directive>
<Name>img-src</Name>
<Value>*</Value>
</Directive>
</PolicyDirectives>
</ContentSecurityPolicy>
</Security>

domains/bi/servers/bi_server1/tmp/_WL_user/bitech-analysis-application/irw68b/war/WEB-INF/web.xml
<init-param>
<description>Security option used in session header to indicate
whether app is embeddable in iframes</description>
<param-name>oracle.bi.tech.xFrameOptions</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
<init-param>
<description>Security option used in session header to indicate
what resources can be loaded outside of origin</description>
<param-name>oracle.bi.tech.contentSecurityPolicy</param-name>
<param-value>default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com maps.googleapis.com;child-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:;style-src 'self' 'unsafe-inline' fonts.googleapis.com data:;img-src 'self' elocation.oracle.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com blob: *.googleusercontent.com data:;font-src 'self' fonts.gstatic.com data:;frame-src 'self' ;frame-ancestors "HOMEPAGE_HERE" 'self' ;media-src 'self' data: blob: mediastream:;connect-src 'self' www.googleapis.com elocation.oracle.com;</param-value>
</init-param>
Places I've looked include:
Configuring and Managing Analyses and Dashboards (oracle.com) -> Embedded External Contents
But I'm unable to see my changes reflected in the browser. I'm at a complete loss to how to resolve this issue and would appreciate some help. Please let me know if more information is needed.

Comments