New Default Setting in Tableau Server 9.1 Will Break Embedded Dashboards

New Default Setting in Tableau Server 9.1 Will Break Embedded Dashboards

Tom McCullough
//

If you embed your Tableau analytics dashboards through either a straight embedded i-frame or with the JavaScript API, upgrading your Tableau Server to 9.1 will cause some unexpected grief.

But it’s fixable.

After upgrading Tableau Server to 9.1, I was getting this error:

Refused to display ‘https://path/to/my/tableau/dashboard?:embed=y&:showVizHome=n&:tabs=n&:to…‘ in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’.

Though not mentioned in the official release notes, Tableau has changed the default setting for Clickjacking defense. In the past, this feature was left false, which allowed for unrestricted embedding of Tableau dashboards.

In 9.1, the new default setting for clickjacking defense is true. Though a good default setting for security, it completely restricts any embedding.

To fix the behavior after upgrading, simply run the tabadmin command and restart your Tableau Server: 

tabadmin set wgserver.clickjack_defense.enabled false

More Info

Click the link below to read about Clickjack protection for Tableau Server:

http://onlinehelp.tableau.com/current/server/en-us/clickjack_protection.htm

For further information on Clickjack protection and previous versions of Tableau:

http://kb.tableau.com/articles/knowledgebase/clickjacking-protection

 

InterWorks uses cookies to allow us to better understand how the site is used. By continuing to use this site, you consent to this policy. Review Policy OK

×

Interworks GmbH
Ratinger Straße 9
40213 Düsseldorf
Germany
Geschäftsführer: Mel Stephenson

Kontaktaufnahme: markus@interworks.eu
Telefon: +49 (0)211 5408 5301

Amtsgericht Düsseldorf HRB 79752
UstldNr: DE 313 353 072

×

Love our blog? You should see our emails. Sign up for our newsletter!