apisix-dashboard icon indicating copy to clipboard operation
apisix-dashboard copied to clipboard

Published 20 hours ago verified publisher icon apache

Why is there still this problem,grafana cannot be displayed

Open yigeqiji opened this issue 2 years ago • 11 comments

Issue description

Why is there still this problem,grafana cannot be displayed

Expected behavior

normal

How to Reproduce

image

Screenshots

image

Environment

  • apisix version (cmd: apisix version):
  • OS (cmd: uname -a):
  • OpenResty / Nginx version (cmd: nginx -V or openresty -V):
  • etcd version, if have (cmd: run etcd --version):
  • apisix-dashboard version, if have:
  • Browser version, if have:

Additional context

No response

yigeqiji avatar Aug 12 '22 03:08 yigeqiji

I tried to change this configuration, but it has no effect

x_frame_options: "sameorigin"

yigeqiji avatar Aug 12 '22 03:08 yigeqiji

Hi, @yigeqiji, I fixed that by updateing the allow_embedding(under the security group) config item as true in your Grafana configuration file and restart Grafana server.

# security
# ...
# set to true if you want to allow browsers to render Grafana in a <frame>, <iframe>, <embed> or <object>. default is false.
allow_embedding = true

pixeldin avatar Aug 13 '22 03:08 pixeldin

I also getting the same issue, even though my current config is true for 'allow_embedding'

# security
# ...
# set to true if you want to allow browsers to render Grafana in a <frame>, <iframe>, <embed> or <object>. default is false.
allow_embedding = true
image

sangnguyen7 avatar Aug 17 '22 19:08 sangnguyen7

hello @yigeqiji The cause is due to the CSP (content-security-policy) and I think we can allow the iframe to fix it. you can custom CSP config here https://github.com/apache/apisix-dashboard/blob/master/api/conf/conf.yaml#L63-L69

please refer: https://apisix.apache.org/docs/dashboard/next/USER_GUIDE/

guoqqqi avatar Aug 18 '22 02:08 guoqqqi

You can configure frame-src * to allow all frame

guoqqqi avatar Aug 18 '22 02:08 guoqqqi

Have you solved the prolem?

xiaolei000129 avatar Sep 13 '22 06:09 xiaolei000129

Have you solved the prolem? it'w work for me, add some lines in conf.yaml security: access_control_allow_credentials: true # support using custom cors configration access_control_allow_headers: "Authorization" access_control-allow_methods: "*" x_frame_options: "allow-from *" content_security_policy: "frame-src *;"

trungtien avatar Sep 13 '22 07:09 trungtien

你解决问题了吗? 它对我有用,在 conf.yaml 中添加一些行 security: access_control_allow_credentials : true # support using custom cors configration access_control_allow_headers : "Authorization" access_control-allow_methods: "*" x_frame_options: "allow-from *" content_security_policy: " frame-源 *;" Have you solved the prolem?

xiaolei000129 avatar Sep 13 '22 08:09 xiaolei000129

image yep,

trungtien avatar Sep 13 '22 09:09 trungtien

image yep,

是用你上面的配置吗?

xiaolei000129 avatar Sep 13 '22 13:09 xiaolei000129

image yep,

是用你上面的配置吗?

image

trungtien avatar Sep 13 '22 15:09 trungtien

not documented, facing the same bug

lucamaf avatar Oct 20 '22 09:10 lucamaf

solved after following steps here

LiberiFatali avatar Oct 27 '22 04:10 LiberiFatali