Error "A potentially unsafe URL has been blocked" When Using URL Actions

Published: 02 Dec 2013
Last Modified Date: 13 Apr 2018


When you try to use a URL action to view local images on Tableau Server or Tableau Online, the following error might occur:
A potentially unsafe URL has been blocked


  • Tableau Server
  • Tableau Online


Option 1

Add URL protocol schemes to the safe list by using the tabadmin set command. The schemes httphttpsgophernews, and mailto are whitelisted by default. This command can contain multiple comma and space-separated values enlosed by double quotes, as in this example:

tabadmin set vizqlserver.url_scheme_whitelist "scheme1,scheme2"

The values you specify overwrite previous settings (exluding the default settings). Therefore, you must include the full list of schemes in the set command. (You cannot amend the list of schemes by running the set command repeatedly.)

The list should consist of schemes - such as mailto, file, or javascript - rather than individual urls. The following command is not valid:

tabadmin set vizqlserver.url_scheme_whitelist file:\\pathtomyfilehere

For example, to whitelist the file protocol:

  1. On the computer running Tableau Server, open the Command Prompt window as an administrator and navigate to the Tableau Server bin directory:
    • On a 32-bit computer: cd "C:\Program Files\Tableau\Tableau Server\[version]\bin"
    • On a 64-bit computer: cd "C:\Program Files (x86)\Tableau\Tableau Server\[version]\bin"
  2. At the command prompt, run the following commands in order:
    • tabadmin stop
    • tabadmin set vizqlserver.url_scheme_whitelist file
    • tabadmin config
    • tabadmin start
Important: Only Internet Explorer allows the use of the file protocol. Chrome and Firefox block the file protocol for security reasons and whitelisting this protocol in Tableau Server cannot force Chrome or Firefox to allow the file protocol.

Option 2

Host the files on an external webserver that can be accessed via http or https. If the files within the desired folder were hosted on a webpage, the URL Action should work as expected within Tableau Online and Tableau Server.


The behavior encountered when attempting to link to a local file from a URL action within a dashboard hosted on Tableau Online or Tableau Server is expected. This is due to security implementations within Tableau Online or Tableau Server which address potential vulnerabilities when linking to local files, these security enhancements were implemented in Tableau Server 8.1.
Did this article resolve the issue?