Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Modify WebUI headers

Featured Replies

Hi

 

I am trying to bed my Unraid WebUi as a tab in Home Assistant. This worked perfectly on my LAN with UnRaid version 6.9 but since upgrading to version 6.10 it seems like the web server now sets the x-frame-options header to 'sameorigin'. 

 

Is there a way I can update this?

 

Thanks in advance!

 

 

  • 4 months later...
On 6/21/2022 at 4:47 PM, Squid said:

Not without modifying the code yourself

 

coming a little late to the party but.. would that be able with a plugin/startup script?

  • 1 year later...

I've had this issue too. I'm using HomeAssistant LoveLace dashboard where I use iFrames for my other web interfaces.

 

For future reference:

- SSH to your Unraid server

- Open /etc/nginx/nginx.conf with vi or nano

- Go to the bottom to find add_header Content-Security-Policy "frame-ancestors 'self' https://connect.myunraid.net/"

- Edit to your liking (example): add_header Content-Security-Policy "frame-ancestors 'self' https://connect.myunraid.net/ https://ha.mydomain.net"

 

After editing you need to reload the web service of unraid:

/etc/rc.d/rc.nginx reload

 

 

Extra:

If you run a reverse proxy and/or 2FA service in your iframe you need to include these too. It is allowed to add IP addresses.

 

As an example:

add_header Content-Security-Policy "frame-ancestors 'self' https://connect.myunraid.net/ https://ha.mydomain.net 192.168.1.1 172.30.0.2"

 

Dropdown:

- Default: https://connect.myunraid.net/

- Where the iframe is used: https://ha.mydomain.net

- Reverse proxy: 192.168.1.1

- 2FA url 172.30.0.2

Edited by renedis1

  • 3 months later...

I have been struggling getting this to work to load unraid in an iframe in Organizr.  The instructions above was half the battle, the other half was to add the following in chrome:

 

Open: chrome://flags/#unsafely-treat-insecure-origin-as-secure and add https://tower.mydomain.com to the list of insecure sites to allow then change the setting to enable and relaunch chrome.  

 

I don't know why organizr is trying to load http instead of https but this at least allows things to work the way I need!

Edited by toyanucci

  • 2 weeks later...

I've made further progress and found we no longer need to set that chrome flag to get this to work. We just need to add https://organizr.yourdomain.com (url you use to access organizr outside of your network) to /etc/nginx/nginx.conf and in organizr we need to add https://tower.yourdomain.com/Dashboard as the tab url for unRAID and the iframe will work!

  • 4 months later...

my workaround is to do this in an array startup userscript

 

just replace `YOURDOMAINHERE` and you should be good

 

#!/bin/bash

# Path to the nginx.conf file
NGINX_CONF="/etc/nginx/nginx.conf"

# New Content-Security-Policy directive
NEW_CSP="add_header Content-Security-Policy \"frame-ancestors 'self' https://connect.myunraid.net/ https://*.YOURDOMAINHERE\";"

# Use sed to replace the line
sed -i.bak "/add_header Content-Security-Policy/c\\
$NEW_CSP
" $NGINX_CONF

# Restart Nginx to apply changes
nginx -s reload

echo "Content-Security-Policy directive updated and Nginx reloaded."


 

Edited by phyzical

  • 1 year later...
On 9/3/2024 at 2:06 PM, phyzical said:

my workaround is to do this in an array startup userscript

 

just replace `YOURDOMAINHERE` and you should be good

 

#!/bin/bash

# Path to the nginx.conf file
NGINX_CONF="/etc/nginx/nginx.conf"

# New Content-Security-Policy directive
NEW_CSP="add_header Content-Security-Policy \"frame-ancestors 'self' https://connect.myunraid.net/ https://*.YOURDOMAINHERE\";"

# Use sed to replace the line
sed -i.bak "/add_header Content-Security-Policy/c\\
$NEW_CSP
" $NGINX_CONF

# Restart Nginx to apply changes
nginx -s reload

echo "Content-Security-Policy directive updated and Nginx reloaded."


 

Small note to the script for anyone looking at this in 2026:

The conf file which should be modified is now at (at least for me):

/etc/nginx/conf.d/servers.conf

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.