Catch up on the latest product updates, best practices, and expert insights from the Checkmk Conference #12 – Watch the livestream recordings now

Werk #19985: Dashboard widgets: reject disallowed title URLs on save

Component User interface
Title Dashboard widgets: reject disallowed title URLs on save
Date Jun 12, 2026
Level Trivial Change
Class Bug Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
3.0.0b1
Not yet released
Checkmk Community, Checkmk Pro, Checkmk Ultimate, Checkmk Cloud, Checkmk Ultimate MT
2.5.0p8
Not yet released
Checkmk Community, Checkmk Pro, Checkmk Ultimate, Checkmk Cloud, Checkmk Ultimate MT

A widget title can link to a URL, for which only the http and https schemes are allowed. Previously the REST API accepted a title link URL with any scheme on write and only dropped a disallowed one when reading the dashboard back (see Werk #19583), so the rejected value was still written to the stored configuration. The REST API now rejects such a URL (for example javascript:) at save time with a validation error, so it never reaches the stored configuration.

API clients that previously sent such a URL received a successful response (the value was then dropped on read) they now receive a 400 error instead.

To the list of all Werks