How to resolve X-Frame-Options and CORS issues in Bold BI Embedded application?

When hosting the Bold BI server and embedded application in different domains, you may encounter issues with X-Frame-Options and CORS. This article will guide you through resolving these issues.

Problem

When trying to link to dashboard pages using a popup in an embedded application, the following error occurs:

Refused to display 'https://yourwebsite.com' in a frame because it set 'X-Frame-Options' to 'sameorigin'

Access to XMLHttpRequest at 'https://example.com/api/data' from origin 'https://yourwebsite.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Solution

1. Host the Bold BI and embedded application in the same domain: This issue may occur if the Bold BI server and the embedded application are hosted in different domains. To resolve this issue, host both the Bold BI and the embedded application in the same domain.

2. Disable X-Frame-Options: Ensure that you have disabled the “X-Frame-Options” in Bold BI server.

3. Configure CORS: If you have configured the security feature “CORS” in the Bold BI server, make sure that your domains are included. If CORS is configured but your domain is not included will result in the CORS issue.

To learn more about security settings in Bold BI, refer to the help documentation.

Additional References

• Bold BI help documentation
• Configuring X-Frame option in Bold BI
• CORS in Bold BI server