boozel Posted June 20, 2022 Share Posted June 20, 2022 Hi I am trying to bed my Unraid WebUi as a tab in Home Assistant. This worked perfectly on my LAN with UnRaid version 6.9 but since upgrading to version 6.10 it seems like the web server now sets the x-frame-options header to 'sameorigin'. Is there a way I can update this? Thanks in advance! Quote Link to comment
Squid Posted June 21, 2022 Share Posted June 21, 2022 Not without modifying the code yourself Quote Link to comment
m4rcus Posted October 28, 2022 Share Posted October 28, 2022 On 6/21/2022 at 4:47 PM, Squid said: Not without modifying the code yourself coming a little late to the party but.. would that be able with a plugin/startup script? Quote Link to comment
renedis1 Posted January 7 Share Posted January 7 (edited) I've had this issue too. I'm using HomeAssistant LoveLace dashboard where I use iFrames for my other web interfaces. For future reference: - SSH to your Unraid server - Open /etc/nginx/nginx.conf with vi or nano - Go to the bottom to find add_header Content-Security-Policy "frame-ancestors 'self' https://connect.myunraid.net/" - Edit to your liking (example): add_header Content-Security-Policy "frame-ancestors 'self' https://connect.myunraid.net/ https://ha.mydomain.net" After editing you need to reload the web service of unraid: /etc/rc.d/rc.nginx reload Extra: If you run a reverse proxy and/or 2FA service in your iframe you need to include these too. It is allowed to add IP addresses. As an example: add_header Content-Security-Policy "frame-ancestors 'self' https://connect.myunraid.net/ https://ha.mydomain.net 192.168.1.1 172.30.0.2" Dropdown: - Default: https://connect.myunraid.net/ - Where the iframe is used: https://ha.mydomain.net - Reverse proxy: 192.168.1.1 - 2FA url 172.30.0.2 Edited January 7 by renedis1 Quote Link to comment
toyanucci Posted April 9 Share Posted April 9 (edited) I have been struggling getting this to work to load unraid in an iframe in Organizr. The instructions above was half the battle, the other half was to add the following in chrome: Open: chrome://flags/#unsafely-treat-insecure-origin-as-secure and add https://tower.mydomain.com to the list of insecure sites to allow then change the setting to enable and relaunch chrome. I don't know why organizr is trying to load http instead of https but this at least allows things to work the way I need! Edited April 18 by toyanucci Quote Link to comment
toyanucci Posted April 18 Share Posted April 18 I've made further progress and found we no longer need to set that chrome flag to get this to work. We just need to add https://organizr.yourdomain.com (url you use to access organizr outside of your network) to /etc/nginx/nginx.conf and in organizr we need to add https://tower.yourdomain.com/Dashboard as the tab url for unRAID and the iframe will work! Quote Link to comment
phyzical Posted September 3 Share Posted September 3 (edited) my workaround is to do this in an array startup userscript just replace `YOURDOMAINHERE` and you should be good #!/bin/bash # Path to the nginx.conf file NGINX_CONF="/etc/nginx/nginx.conf" # New Content-Security-Policy directive NEW_CSP="add_header Content-Security-Policy \"frame-ancestors 'self' https://connect.myunraid.net/ https://*.YOURDOMAINHERE\";" # Use sed to replace the line sed -i.bak "/add_header Content-Security-Policy/c\\ $NEW_CSP " $NGINX_CONF # Restart Nginx to apply changes nginx -s reload echo "Content-Security-Policy directive updated and Nginx reloaded." Edited September 3 by phyzical Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.