Embedding Metric Insights content in sites that have a different domain
Metric Insights by default only allows embedding in sites that are on the same domain. For example, if Metric Insights is on domainA.com then MI content can be embedded in other sites if those are are on the same domainA.com domain.
However, if MI content must be embedded in a site that is on a different domain, e.g. domainB.com, Metric Insights will reject that embed request.
Here, we show you how to update Metric Insights to allow embedding in sites that have a different domain.
Metric Insights uses Apache for the web server. To ensure embedding is only allowed on sites that are on the same domain, we set the following for Apache by default:
Header set x-frame-options: "SAMEORIGIN"
Disable x-frame-options: "SAMEORIGIN"
To allow embedding MI content on sites with a different domain, you need to disable the x-frame-options setting as described in the instruction below (applies to all deployment types, from Simple Installs to Orchestrated):
- Enter the web Container:
sudo mi-web
- Open
metricinsights-custom.conf
in an editor:vim /etc/apache2/mi.conf.external.d/metricinsights-custom.conf
- Enter the code below to disable the
x-frame-options: "SAMEORIGIN"
setting, then save and exit:
Header unset X-Frame-Options
Header append Content-Security-Policy "frame-ancestors 'self' <required domain name, where MI content will be embedded>;"
NOTE:
- In some cases, it is required only to disable x-frame-options. We recommend trying both approaches to see which one works for you.
- Pay particular attention to
<required domain name, where MI content will be embedded>
. This is where you specify domainB.com for example (the site where MI content will be embedded):
Header unset X-Frame-Options
Header append Content-Security-Policy "frame-ancestors 'self' domainB.com;"
- Restart the Apache server from the web container:
service apache2 restart