Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...


Warning

...

Access Checkmk view within an Iframe

...

titleWarning

The automatic login via the URL in the browser described below has been disabled for security reasons since Checkmk 2.2.0, because the credentials (user name and password) passed via URL are stored in the log files of the site-specific Apache (see Werk #14261). If you want to use automatic login via the URL despite this security risk, you must explicitly enable this with the global setting Setup > General > Global settings > User interface > Enable login via GET requests.

Please refer to our Official Documentation for additional information.

Status
colourYellow
titleLAST TESTED ON CHECKMK 2.1.0P1


Panel
borderColorblack
bgColor#f8f8f8
titleTable of Contents

Table of Contents

Access Checkmk view within an Iframe

If your site Apache is secured by cookie-based authentication

Code Block
languagebash
themeRDark
OMD[multisitemysite]:~$ omd config show MULTISITE_COOKIE_AUTH
on


the The URL for auto login needs to be set like this:

Code Block
languagebash
themeRDark
http://localhost/testmysite/check_mk/login.py?_origtarget=/testmysite/check_mk/view.py?view_name=allhosts&_username=cmkadmin&_password=cmk&_login=1

...

Code Block
languagebash
themeRDark
http://cmkadmin:cmk@localhost/testmysite/check_mk/view.py?view_name=allhosts

...

The same procedure for Nagios views presenting in an Iframe!

Debug HTTPS iframes

Problem

Note

Since Werk #6774, it's not possible to use an HTTPS Iframe within Checkmk (this also affects nagvis). 

If you're considering doing this, please keep in mind remember that this is a security issue and not supported by us. 

Determine the issue

When You get the following broken page when opening an https HTTPS Iframe within Checkmk, I get that message.

Screenshot of broken page within an iFrameImage Modified


To find For a better more verbose error message, please open the developer tools of the current browser, select the Header Console, and refresh the page. That This is usually done with the F12 key:

Image RemovedScreenshot of broken page within an iFrame. Web inspector enabled with a section of the error message highlighted.Image Added


And the The browser is also complaining produces an error about the missing Content-Secuirty-Policy (CSP).   Please keep in mind that a lot of many Software/Pages do not want to be integrated as an Iframe due to security settings

Please also check the logs from the Checkmk site:

Code Block
languagebash
themeRDark
OMD[mysite]:~$ ls var/log/apache/
access_log  error_log  stats

.

Filter by label (Content by label)
showLabelsfalse
max5
spacesCON
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel in ( "view" , "gui" , "howto" ) and type = "page" and space = "CONKB"
labelsgui view


Page Properties
hiddentrue


Related issues


...