How to restrict embedding Bold BI site using an iFrame?
To prevent a Bold BI site from being embedded into another application using an iFrame, the X-Frame-Options response header must be set to Deny.
Currently, the X-Frame-Options header is not added in the Bold BI application, because iFrame-based embedding is one of the embedding solutions that our Embedded BI offers for embedding dashboards into another application. Setting the header to Deny therefore also blocks that type of embedding.
Follow the steps below to add the X-Frame-Options in the response headers of the Bold BI server.
- Open the Web.config file and add an X-Frame-Options header within the `system.webServer` section, as shown below.

```xml
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*" />
      <add name="X-Frame-Options" value="Deny" />
    </customHeaders>
  </httpProtocol>
</system.webServer>
```
Web.config Directories
Since Bold BI consists of several distributed applications, the X-Frame-Options response header must be set in each of the deployed applications listed below.
NOTE: By default, Bold BI is deployed in “C:\BoldServices” on Windows.
Applications | File Locations |
---|---|
Identity Provider | {Deployed Location}\idp\web\Web.config |
Identity Provider API | {Deployed Location}\idp\api\Web.config |
BOLD BI Server | {Deployed Location}\bi\Web.config |
BOLD BI Server API | {Deployed Location}\bi\api\Web.config |
Designer Service | {Deployed Location}\bi\dataservice\Web.config |
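
Because the header has to be added to five separate files, it is easy to miss one. The following read-only PowerShell check is an added example, not part of the Bold BI documentation or product; it reports for each Web.config in the table above whether the X-Frame-Options header is present and set to Deny. The variable and function names are hypothetical, and the script assumes the default deployed location stated in the note above.

```powershell
# Added example: audit the Web.config files listed in the table for the
# X-Frame-Options custom header. Read-only; no file is modified.

# Assumption: default deployed location from the NOTE above. Change if yours differs.
$DeployedLocation = 'C:\BoldServices'

# Relative paths taken from the "Web.config Directories" table.
$configs = [ordered]@{
    'Identity Provider'     = 'idp\web\Web.config'
    'Identity Provider API' = 'idp\api\Web.config'
    'Bold BI Server'        = 'bi\Web.config'
    'Bold BI Server API'    = 'bi\api\Web.config'
    'Designer Service'      = 'bi\dataservice\Web.config'
}

function Get-XFrameOptionsStatus {
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'FILE NOT FOUND' }

    try {
        $xml = [xml](Get-Content -LiteralPath $Path -Raw -ErrorAction Stop)
    } catch {
        return "UNREADABLE XML: $($_.Exception.Message)"
    }

    # Header names are case-insensitive, so filter with -ieq in PowerShell
    # rather than with a case-sensitive XPath predicate.
    $adds = $xml.SelectNodes('//system.webServer/httpProtocol/customHeaders/add')
    $hits = @($adds | Where-Object { $_.GetAttribute('name') -ieq 'X-Frame-Options' })

    if ($hits.Count -eq 0) { return 'MISSING' }
    if ($hits.Count -gt 1) { return 'DUPLICATE ENTRIES' }

    $value = $hits[0].GetAttribute('value')
    if ($value -ieq 'Deny') { return 'OK (Deny)' }
    return "OTHER VALUE: $value"
}

foreach ($app in $configs.Keys) {
    $path = Join-Path $DeployedLocation $configs[$app]
    [pscustomobject]@{
        Application = $app
        Status      = Get-XFrameOptionsStatus -Path $path
        Path        = $path
    }
}
```

Any row that does not report `OK (Deny)` identifies an application whose pages are still served without the header and can therefore still be framed.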