How to resolve X-Frame-Options and CORS issues in Bold Reports?
When hosting the Bold Reports server and embedded application on different domains, you may encounter issues with X-Frame-Options and CORS. This article will guide you through resolving these issues.
Problem
When trying to link to report pages via a popup in an embedded application, the following errors occur:
Refused to display 'https://yourwebsite.com' in a frame because it set 'X-Frame-Options' to 'sameorigin'
Access to XMLHttpRequest at 'https://example.com/api/data' from origin 'https://yourwebsite.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Solution
- Host the Bold Reports server and the embedded application in the same domain: These errors can occur when the Bold Reports server and the embedded application are hosted in different domains. To resolve them, host both the Bold Reports server and the embedded application in the same domain.
- Disable X-Frame-Options: Ensure that you have disabled X-Frame-Options in the Bold Reports server.
- Configure CORS: If you have configured the CORS security feature in the Bold Reports server, make sure that your domains are included. If CORS is configured but your domain is not included, requests from that domain are blocked by the CORS policy.
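To confirm which of the two errors a given server response would trigger, the check below applies the browser's rules for X-Frame-Options and Access-Control-Allow-Origin to a set of response headers. It is an added example, not Bold Reports code; the host names, the sample headers and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin_of(url):
    """Reduce a URL to (scheme, host, port), the tuple browsers compare."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))

def check_embedding(server_url, app_origin, headers):
    """List the reasons a browser would block the app from framing or calling the server.

    headers: response headers the server returned to a request carrying
    Origin: app_origin. An empty list means neither error is expected.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    same_origin = origin_of(server_url) == origin_of(app_origin)
    findings = []

    xfo = h.get("x-frame-options", "").lower()
    if xfo == "deny" or (xfo == "sameorigin" and not same_origin):
        findings.append(f"frame-blocked: X-Frame-Options is '{xfo}'")

    if not same_origin:  # CORS only applies to cross-origin requests
        acao = h.get("access-control-allow-origin")
        if acao is None:
            findings.append("cors-blocked: no Access-Control-Allow-Origin header")
        elif acao != "*" and origin_of(acao) != origin_of(app_origin):
            findings.append(f"cors-blocked: allowed origin is '{acao}'")
    return findings

# Constructed sample values (hypothetical hosts and responses).
SERVER = "https://reports.example.com/reporting"
APP = "https://app.example.net"
BLOCKED_RESPONSE = {"X-Frame-Options": "SAMEORIGIN"}
CONFIGURED_RESPONSE = {"Access-Control-Allow-Origin": "https://app.example.net"}

if __name__ == "__main__":
    for name, resp in (("blocked", BLOCKED_RESPONSE), ("configured", CONFIGURED_RESPONSE)):
        print(name, check_embedding(SERVER, APP, resp) or "ok")
```

Feed it the headers of a real response, for example copied from the browser's network tab. X-Frame-Options is what stops other sites from framing the server, so hosting both applications in the same domain, where `sameorigin` can stay in place, is the option that keeps that protection.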