Web Page panel in Spotfire does not work with all web pages
Article ID: KB0084162
Updated On:
| Products | Versions |
|---|---|
| Spotfire Analyst | 7.5, 7.6, 7.7, 7.8 |
Description
Some pages cannot be embedded in another context such as used in an iframe of another web page or be rendered inside of Spotifre's web panel. It is up to each web page to decide whether it allows itself to be rendered inside other applications. If a web page will not render you can press CTRL+ALT+SHIFT+F12 in Spotfire Analyst to open up a developer tool window. If it shows the following error in the "console" tab, it means that the web page has prohibited you from using it in Spotfire:
Refused to display 'https://www.hostname.org/path' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
A web page can indicate to the web browser or application whether it should be possible or not by using the the HTTP header X-Frame-Option which can have three different types of values[1]:
- DENY - The page cannot be displayed in a frame, regardless of the site attempting to do so.- SAMEORIGIN - The page can only be displayed in a frame on the same origin as the page itself.
- ALLOW-FROM uri - The page can only be displayed in a frame on the specified origin.
TIBCO Spotfire Analyst cannot show any page that has the X-Frame-Options set.
TIBCO Spotfire Web Player will show the page if the header is not set or the Web Player's URL is white listed, meaning the Web Player URL and the Web Page are of the same origin as per the Same-Origin Policy[2].
Issue/Introduction
The Web Page panel is a tool that allows you to view web pages in Spotfire. This is useful, for instance, if you use some kind of web based tool hosted on a web server. Some web pages cannot be "framed" in the web page panel due to restrictions set by the web page itself.
Resolution
Ask the administrator of the web page you wish to embed to remove the X-Frame-Options field from the HTTP responses or set it to ALLOW-FROM uri where uri is the URL of the Web Player.
Additional Information
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
Feedback
Yes
No
Powered by
