New Default Setting in Tableau Server 9.1 Will Break Embedded Dashboards
But it’s fixable.
After upgrading Tableau Server to 9.1, I was getting this error:
Refused to display 'https://path/to/my/tableau/dashboard?:embed=y&:showVizHome=n&:tabs=n&:to...' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
Though not mentioned in the official release notes, Tableau has changed the default setting for Clickjacking defense. In the past, this feature was left false, which allowed for unrestricted embedding of Tableau dashboards.
In 9.1, the new default setting for clickjacking defense is true. Though a good default setting for security, it completely restricts any embedding.
To fix the behavior after upgrading, simply run the tabadmin command and restart your Tableau Server:
tabadmin set wgserver.clickjack_defense.enabled false
Click the link below to read about Clickjack protection for Tableau Server:
For further information on Clickjack protection and previous versions of Tableau: