IBM Support

Load denied by X-Frame-Options

Troubleshooting


Problem

TM1Web is configured with HTTP but some of the custom applications where Websheets are embedded in iFrame are configured with HTTPs.

Users get this error while trying to access the Websheets from these applications :
"Load denied by X-Frame-Options: http://localhost:9510/tm1web/UrlApi.jsp#Action=Open&Type=WebSheet&Workbook=Applications/Planning Sample/Management Reporting/Actual v Budget&AdminHost=localhost&TM1Server=Planning Sample does not permit cross-origin framing"

Cause

HTTP iFrame is embedded in HTTPs pages hence sending insecure request from a secure page.Therefore browsers won't be forwarding origin/referer headers to prevent security threat.
In TM1Web if origin is null then X-Frame-Option is set to same-origin and so it does not load scripts from unknown sources.

Environment

IBM Planning Analytics Local

Resolving The Problem

1. Configure TM1Web with HTTPs because custom applications are configured with HTTPs
It is not recommended to use mixed content, especially active mixed content (iFrame)

Or

2. If it is not possible to configure TM1Web with HTTPs, add a "tm1web.origin" parameter to the websheet URL with the value of the current server/host.TM1Web will then not treat it as a request from an unknown host.
The sample websheet URL should look like this :
http://localhost:9510/tm1web/UrlApi.jsp?tm1web.origin=" + host  +"#Action=Open&Type=WebSheet&Workbook=Applications/Planning Sample/Management Reporting/Actual v Budget&AdminHost=localhost&TM1Server=Planning Sample

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCTEW","label":"IBM Planning Analytics Local"},"Component":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
15 October 2019

UID

ibm11087540

Page Feedback