New Default Setting in Tableau Server 9.1 Will Break Embedded Dashboards

Data

New Default Setting in Tableau Server 9.1 Will Break Embedded Dashboards

If you embed your Tableau analytics dashboards through either a straight embedded i-frame or with the JavaScript API, upgrading your Tableau Server to 9.1 will cause some unexpected grief.

But it’s fixable.

After upgrading Tableau Server to 9.1, I was getting this error:

Refused to display ‘https://path/to/my/tableau/dashboard?:embed=y&:showVizHome=n&:tabs=n&:to…‘ in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’.

Though not mentioned in the official release notes, Tableau has changed the default setting for Clickjacking defense. In the past, this feature was left false, which allowed for unrestricted embedding of Tableau dashboards.

In 9.1, the new default setting for clickjacking defense is true. Though a good default setting for security, it completely restricts any embedding.

To fix the behavior after upgrading, simply run the tabadmin command and restart your Tableau Server: 

tabadmin set wgserver.clickjack_defense.enabled false

More Info

Click the link below to read about Clickjack protection for Tableau Server:

http://onlinehelp.tableau.com/current/server/en-us/clickjack_protection.htm

For further information on Clickjack protection and previous versions of Tableau:

http://kb.tableau.com/articles/knowledgebase/clickjacking-protection

 

More About the Author

Tom McCullough

Regional Solutions Lead - South Central
New Default Setting in Tableau Server 9.1 Will Break Embedded Dashboards If you embed your Tableau analytics dashboards through either a straight embedded i-frame or with the JavaScript API, upgrading your ...
Using import.io, Python and Tableau LOD Calculations to Visualize Top Baby Names over 101 Years I haven’t had a ton of time to really dig into the new features of Tableau 9, but I did want to start playing with the new Level ...

See more from this author →

Subscribe to our newsletter

  • I understand that InterWorks will use the data provided for the purpose of communication and the administration my request. InterWorks will never disclose or sell any personal data except where required to do so by law. Finally, I understand that future communications related topics and events may be sent from InterWorks, but I can opt-out at any time.
  • This field is for validation purposes and should be left unchanged.

InterWorks uses cookies to allow us to better understand how the site is used. By continuing to use this site, you consent to this policy. Review Policy OK