cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 8

Custom HTML dashboard

Hi  All,

I have been trying to use the "Custom HTML" panel with an <IFRAME> statement to display some of the graphical content on some of our devices, however the origin security features of most modern browsers render this useless. In our environment the content is almost always accessed with http: and is generally accessed by RFC1918 style private IP address, so a double whammy security-wise.  The help says:   

<iframe  src="http://${IP_Address}/monitoring.html" width="1000" height="600" ></iframe> 

should work and without origin issues would return something like below.

 

zeb146_0-1596065880008.png

Rather than a nasty red error about protocol/domain mismatch errors seem in the web console.

Whatever solution people may suggest needs to be very simple so the customer can deploy it easily without huge knowledge but still maintain some security.  So far nothing in the knowledge base really addresses this issue, as far as I can see, but there seems to be several people complaining about blank white panels when they attempt to use the feature.  I also note that no one from SolarWinds has also pointed out that their simple examples will only work with URLs in the same domain and using the same protocol as the calling SolarWinds URL.   

Suggestions?

Peter

 

 

 

 

0 Kudos
2 Replies
Product Manager
Product Manager

What browser are you using? From my initial test, this works just fine using Chome Version 84.0.4147.105

2020-07-30 11_14_35-Window.png

0 Kudos

The Chrome Version 84.0.4147.105 (Official Build) (64-bit) we use follows the Domain/Origin security standards (the now default settings) as far as I can tell and will not allow any IFRAME to contain anything that doesn't use the same protocol and/or domain to the calling html.

So that would, in our case, be HTTPS and solarwinds.teamtalk.net,nz    As we are calling a website on  older equipment that only runs HTTP and is accessed by IP address I cannot see an easy work around.  

You seem to be calling the local IIS server which probably satisfies the Domain/Origin requirements... 

 

0 Kudos