Avoiding cross-domain security restrictions

Question

I have a customer who would like to embed an iframe from a Tableau server on a webpage, without getting cross-domain security restrictions.&nbsp;
Currently the tableau server resides behind "tableau.prod.mysite.com." The customer would like traffic that goes to "prod.mysite.com/tableau" to route to "tableau.prod.mysite.com" which the customer thinks will fix the problem. &nbsp;
Any suggestions? Thanks!&nbsp;

vernonwells · Answer

I will say firstly that, of course, cross-site protections do exist for a very good reason, so the customer should be quite careful about this.&nbsp;
Having said that, the Host header and Request Target can be transparently rewritten as it traverses the BIG-IP.  The following recipe explains what this is, how it is done, and provides an example:&nbsp;
iRules Recipe 2: Transparent Request Target Rewriting

Forum Discussion

Avoiding cross-domain security restrictions

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

UCS Encryption Question

Unblock Request WAF

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Avoiding Common iRules Security Pitfalls

Office 365 Tenant Restrictions

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

F5 iRule Geolocation restriction

Irule for restricting access

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS