Forum Discussion

MVP

Oct 26, 2022

Applying APM on an iframe

Hello everyone, I'm having this issue where APM-protected content fails to start APM session if called from an iFrame. The access session starts at client request time as expected, and I can see t...

application delivery

BIG-IP Access Policy Manager (APM)

security

CA_Valli
Dec 13, 2022
So we did some more testing, and this is not going to work.
We've worked with support and experimented with iRules to insert additional headers and cookies into the response, but the behaviour of CORS is that these are always going to be removed. And because APM relies heavily on cookies to function, it does mean that accessing APM-protected content from an iFrame will fail to work.

AubreyKingF5

Moderator

Sorry about this! One thing.. and sorry I didn't see this until now.. one-connect on the VIP. Did support have you try this?

CA_Valli

MVP

Jan 05, 2023

Hello Aubrey, thanks for your input.
We haven't tried Oneconnect, but since APM is in place and we're getting errors at authentication time, the BIG-IP never really forwards these packets to back-end anyways.

AubreyKingF5
Moderator
Jan 06, 2023
Did support give any idea on whether or not a fix for this was on the horizon in code release?
- CA_Valli
  MVP
  Jan 06, 2023
  Hello Aubrey, we've agreed with support on building a workaround to this.
  We haven't discussed software fix.
  
  Regards
  CA
  - Jonathan_c
    Cirrus
    Apr 18, 2023
    Hi CA_Valli,
    We're facing a similar situation. Did you ever managed to get a workaround?
    Thanks