Hi,
I am using open source BI Helical Insight version 6 enterprise edition with Docker. I have created a few canned reports (HCR) and I want to embed these reports into my application using an < iframe>. However, while integrating these reports, I am encountering the following error:
Refused to display 'https://MYIP/' in a frame because it set 'X-Frame-Options' to 'deny'.
Is there a way I can fix this?
Thanks.
Hello Snow,
This issue arises due to browser security restrictions related to cross-origin requests. Modern browsers like Chrome and Safari enforce strict rules to prevent embedding content from different origins, which includes blocking content that sets the X-Frame-Options header to DENY.
Recommended Approach:
The most reliable and future-proof solution is to host your application and Helical Insight on the same domain. This avoids cross-origin issues entirely and ensures stable embedding support across all browsers.
Temporary Workaround:
If using the same domain isn’t feasible, and you still want to proceed, here’s a workaround that may work—especially in browsers like Mozilla Firefox (note that this could stop working in future browser updates):
Steps to Allow Iframe Embedding:
1. Enable cross-origin and cookie settings
Update the web.xml file of your Helical Insight instance to allow cross-origin requests and cookies.
2. Modify NGINX configuration (for Docker setups)
In your Docker installation, locate the nginx.conf file and add the following line:
proxy_hide_header X-Frame-Options;
This removes the restrictive header that blocks iframe embedding.
3. Restart the Docker container
After applying the changes, restart your Helical Insight Docker container to apply the new settings.
Note: Embedding canned reports, report designer, or HCRs via iframe may not work reliably in Google Chrome in Helical Insight version 6.0. We recommend testing in Firefox or other browsers that currently allow such configurations.