Client Interface not Displaying in Web Frame after Upgrade to 12.5.2

I submitted a Case to SolarWinds today but their Engineers have to investigate and they're not in until Monday.  I'm trying to resolve this before then to minimize the impact this issue is going to cause.

I upgraded our WHD this morning from 12.1 to 12.52 and everything went fine.  Prior to the update, if a Client navigated to our Portal, the Client Ticket Interface would be displayed in a Frame on the web page.

After the update, the Ticket Interface in the Frame is no longer displayed (please see attached).  If I click on the Link to Open in a New Window, the Client Interface is displayed correctly.  Obviously, I'd like it to display in the Frame as it did before the update.

My Administrator believes the X-Frame-Options are not set correctly to allow this function and need to be changed on the WHD side and not the Portal side.

I've found this link ( detailing how to add the code but do not see any Config File on the WHD where I would make this change.  Not in the whd.conf or the tomcat_web_template file., nor in the Help Desk Dashboard under Setup  I also backed up both of these files before the update and don't find this custom line in either file.

I'm sure this would be a common issue with a "simple" fix but if anyone has any insight, it would be sincerely appreciated.  Thanks!


  • straybullet​, it looks like the anti-clickjacking updates keep the iframe from showing. The tomcat settings you are looking for are under /usr/local/webhelpdesk/bin/tomcat/conf/web.xml. Adding filters like in this post tomcat7 - How do I set X-Frame-Options as response header in angularJS? - Stack Overflow should help you out.



  • X-Frame-Options is a header included in the response to the request to state if the domain requested will allow itself to be displayed within a frame. It has nothing to do with javascript or HTML, and cannot be changed by the originator of the request. You can't set X-Frame-Options on the iframe. That is a response header set by the domain from which you are requesting the resource . They have set the header to SAMEORIGIN in this case, which means that they have disallowed loading of the resource in an iframe outside of their domain. So you cannot embed their website into yours. Browsers when see that the response header contains X-Frame-Options: SAMEORIGIN, they check your domain and block the rendering of the <iframe>. It is a security measure to avoid clickjacking.

  • A page can only be displayed in a frame in the same origin as the page itself. The specification leaves it up to the browser manufacturer to decide whether the variant applies to the top level, the parent, or the entire chain, although he argued that the variant is not very useful if all ancestors are also in the same lineage. Also see Browser Compatibility for more information on support.