Reputation: 71
adding http headers to SSRS
Is there a way to add in custom http response headers to the response from SSRS?
Something similar to adding the following to an IIS web.config file? I tried adding it in C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\web.config but it doesn't work.
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="SAMEORIGIN" />
</customHeaders>
</httpProtocol>
</system.webServer>
This is on Windows 2012 r2 running SQL Server 2012.
FYI, I'm not talking about the column headers in a report itself.
Thanks, Shawn
Upvotes: 7
Views: 5615
Answers (3)
Reputation: 1164
You can edit the server properties to add a custom header. In SSMS, connect to the report server instance, right click the server and select "Properties", Go to Advanced, then under the User-defined section.
You can configure CORS and Custom Headers. Here's what an example would look like for each:
This enables CORS—and additionally, at least I've tested in Chrome—enables iframes.
AccessControlAllowOrigin: https://prod_app:8888/, http://dev_app:8888/
CustomHeaders: <CustomHeaders><Header><Name>Content-Security-Policy</Name><Pattern>.*</Pattern><Value>frame-ancestors https://prod_app:8888 http://prod_dev:8888</Value></Header></CustomHeaders>
These settings are physically located in the SSRS database ReportServer -> dbo.ConfigurationInfo table.
A server reboot may be required for Custom headers to update across all targeted patterns. I had some weird server-side caching issues.
Upvotes: 1
Reputation: 405
It is now possible to set HTTP headers in Power BI Report Server and SQL Server Reporting Services 2017 and later.
You have to connect to the Report Server instance in SQL Server Management Studio, right click on the Report Server name, then select Properties, and finally select the Advanced menu option. The Microsoft Documentation covers it extensively (Link below).
Server Properties Advanced Page - Power BI Report Server & Reporting Services
The issue I faced was connecting the the Report Server instance in SSMS. The Report Server instance was on a different server to the database instance and SSMS installation. The trick was to specify the 'Web Service URL' of the Report Server instance. e.g. http://example.local/reportserver. There's more information in the Microsoft Documentation if you have issues (Link below)
Connect to a Report Server in Management Studio
Upvotes: 2
Reputation: 71
So I never found a way to apply this to all the pages but we use forms authentication and wanted it for the login page so in the code behind I added this:
private void Page_Load(object sender, System.EventArgs e)
{
Response.AddHeader("X-Frame-Options", "SAMEORIGIN");
}
Upvotes: 0
Related Questions
- Reporting Services: How to place a report parameter in the header
- Sending custom HTTP headers with an SSRS Rendering Extension
- SSRS Report Header
- Repeating column headers for SSRS report
- A common header for 400 reports
- SSRS report headers are not fixed when exported to Excel
- Headers in SSRS Reports in Excel
- SSRS Header not formatted
- How to customize the header in my report?
- How do I prevent header chaos in, SQL Server Reporting Services