grafana / piechart-panel

Pie Chart Panel Plugin
MIT License

Include X-Frame-Options to prevent Clickjacking #198

Closed infa-kparida closed 5 years ago

infa-kparida commented 5 years ago

Our internal security tool scan finds the threat below in using this plugin.

File: plugins/grafana-piechart-panel/module.html

Threat: The web page can be framed. This means that clickjacking attacks against users are possible.

Impact: With clickjacking, an attacker can trick a victim user into clicking an invisible frame on the web page, thereby causing the victim to take an action they did not intend to take.

Solution: Common clickjacking prevention mechanisms include:

X-Frame-Options: This is an HTTP response header that is used to prevent framing of the web page.

Can we fix it in the next release?

marefr commented 5 years ago

Support for X-Frame-Options deny was added in Grafana v6.2, see https://grafana.com/docs/guides/whats-new-in-v6-2/#improved-security.

This is a Grafana plugin so you cannot run this without Grafana. Closing.
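The scanner finding and the reply above both come down to one question: do the response headers served by the Grafana host block framing? The check below is an added example (not code from the piechart-panel project or from Grafana) that classifies a response's headers the way such a scanner would; the header sets it runs on are constructed samples, not captured traffic.

```python
"""Classify HTTP response headers by whether they block framing (clickjacking)."""
import re
from typing import Dict


def framing_verdict(headers: Dict[str, str]) -> str:
    """Return 'blocked', 'restricted' or 'frameable' for one response.

    Header names are matched case-insensitively. A CSP frame-ancestors
    directive takes precedence over X-Frame-Options in current browsers,
    so it is evaluated first.
    """
    lower = {k.lower(): v for k, v in headers.items()}

    csp = lower.get("content-security-policy", "")
    match = re.search(r"(?:^|;)\s*frame-ancestors\s+([^;]+)", csp, re.I)
    if match:
        sources = match.group(1).split()
        if sources == ["'none'"]:
            return "blocked"
        return "restricted"  # only the listed origins may frame the page

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "restricted"
    # ALLOW-FROM is obsolete and ignored by modern browsers; any other value,
    # or a missing header, leaves the page frameable.
    return "frameable"


# Constructed sample header sets (not real captures) covering the cases above.
SAMPLE_RESPONSES = {
    "plugin-html-no-header": {"Content-Type": "text/html"},
    "xfo-deny": {"Content-Type": "text/html", "X-Frame-Options": "deny"},
    "xfo-sameorigin": {"X-Frame-Options": "SAMEORIGIN"},
    "csp-none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp-allowlist": {"Content-Security-Policy": "frame-ancestors 'self' https://dash.example.com"},
    "csp-overrides-xfo": {"X-Frame-Options": "DENY",
                          "Content-Security-Policy": "frame-ancestors 'self'"},
}


def scan(samples: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Run framing_verdict over a named set of responses."""
    return {name: framing_verdict(h) for name, h in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_RESPONSES).items():
        print(f"{name:24} {verdict}")
```

Because the header is emitted by the Grafana server rather than by the plugin's HTML file, this is where the check belongs when verifying the fix marefr refers to.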