Modifying Apache response headers for external widgets

On newer versions of Monitor, the Apache config will contain this line:

Header always append X-Frame-Options SAMEORIGIN

This is added for security purposes, but is likely to break external widgets.

In order to make external widgets work, users need to change this configuration to be more specific, for example with a rule like:

Header set Content-Security-Policy "frame-ancestors 'self' foo.bar.com;"

Users are encouraged to understand the purpose and effect of these policies before making changes: for the “frame-ancestors” example you may refer to the MDN docs on frame-ancestors.

OP5 external widget configuration: Manage dashboards and widgets