1 2 Previous Next 23 Replies Latest reply on Jun 26, 2018 1:34 AM by Ralph Ulrich

    2018.1 server embedded viz Javascript API security issues with trusted authetification

    Ralph Ulrich

      Hello friends,


      after upgrade to 2018.1 server no filter actions or Javascript calls like i.e. export to pdf are working if trusted authentication is used on an embedded viz.

      Browser console shows errors like:


      can't access SecurityError: Blocked a frame with origin "https://tableau.[domain-name]" from accessing a cross-origin frame.

      Failed to load resource: the server responded with a status of 500 (Internal Server Error)

      vqlweb.js:7 [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *".


      Both the main website (www) and the tableau server (tableau) are in the same domain. Tableau is running behind haproxy. I tried to modify the response headers which eliminated most errors but the Internal server error 500 remains.


      With 10.5.3 everything was fine.

      Without trusted authentification everything works fine.


      Any ideas?

        1 2 Previous Next