Login/Register
adding http headers to SSRS
Asked Answered
reporting-servicesssrs-2012
W

3

7

Is there a way to add in custom http response headers to the response from SSRS?

Something similar to adding the following to an IIS web.config file? I tried adding it in C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\web.config but it doesn't work.

<system.webServer>
        <httpProtocol>
            <customHeaders>
            <add name="X-Frame-Options" value="SAMEORIGIN" />
         </customHeaders>
     </httpProtocol>
</system.webServer>

This is on Windows 2012 r2 running SQL Server 2012.

FYI, I'm not talking about the column headers in a report itself.

Thanks, Shawn

Wilmer answered 16/5, 2017 at 17:30 Comment(1)
Did you ever figure this one out? Same thing here...Greenlet
N
2

It is now possible to set HTTP headers in Power BI Report Server and SQL Server Reporting Services 2017 and later.

You have to connect to the Report Server instance in SQL Server Management Studio, right click on the Report Server name, then select Properties, and finally select the Advanced menu option. The Microsoft Documentation covers it extensively (Link below).

Server Properties Advanced Page - Power BI Report Server & Reporting Services

The issue I faced was connecting the the Report Server instance in SSMS. The Report Server instance was on a different server to the database instance and SSMS installation. The trick was to specify the 'Web Service URL' of the Report Server instance. e.g. http://example.local/reportserver. There's more information in the Microsoft Documentation if you have issues (Link below)

Connect to a Report Server in Management Studio

Ninnetta answered 16/7, 2020 at 11:1 Comment(0)
I
1

You can edit the server properties to add a custom header. In SSMS, connect to the report server instance, right click the server and select "Properties", Go to Advanced, then under the User-defined section.

You can configure CORS and Custom Headers. Here's what an example would look like for each:

This enables CORS—and additionally, at least I've tested in Chrome—enables iframes.

AccessControlAllowOrigin: https://prod_app:8888/, http://dev_app:8888/
CustomHeaders: <CustomHeaders><Header><Name>Content-Security-Policy</Name><Pattern>.*</Pattern><Value>frame-ancestors https://prod_app:8888 http://prod_dev:8888</Value></Header></CustomHeaders>

These settings are physically located in the SSRS database ReportServer -> dbo.ConfigurationInfo table.

A server reboot may be required for Custom headers to update across all targeted patterns. I had some weird server-side caching issues.

Inappropriate answered 24/1, 2022 at 19:52 Comment(0)
W
0

So I never found a way to apply this to all the pages but we use forms authentication and wanted it for the login page so in the code behind I added this:

private void Page_Load(object sender, System.EventArgs e)
{
   Response.AddHeader("X-Frame-Options", "SAMEORIGIN");
}
Wilmer answered 20/3, 2018 at 19:19 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.