Configure dashboards image allow list and Content Security Policy setting

The dashboards image allow list is a list of authorized URL domains that aids the management of external images. Images without a domain specified in the list will not render in the dashboard. To permit an external image, you can add the image's URL domain to the list.

The Content Security Policy (CSP) setting controls the enforcement of the dashboards image allow list. The setting comes enabled by default and warns you if an external image has a URL domain not in the allow list. You can disable the enforcement of the allow list and the CSP warning by configuring your web.conf file.

Configure dashboards image allow list

Use the Splunk Support Portal to submit a support case requesting support add the image URL domains to the image allow list. In your support case, specify which web.conf stanza will contain the dashboards_csp_allowed_domains setting.

Example of a configured dashboards_csp_allowed_domains setting

The setting dashboards_csp_allowed_domains contains the *.api.splkmobile.com domain by default. To prevent inaccurate error messages, do not remove the *.api.splkmobile.com domain.

The following is an example of a configured dashboards_csp_allowed_domains setting. All domains after *.api.splkmobile.com are example domains.

dashboards_csp_allowed_domains = *.api.splkmobile.com, *.trusted.com, *.help.splunk.com