Forum Discussion
NimbostratusiFrames iRule
NoctilucentHello Drodyc.
The iframes should be constructed in your backend server for being delived to your clients.
After that, you can use them in a different sites using something like this:
<iframe src="https://mydomain.com"></iframe>For security reasons, one browser is not going to display iframes not belonging to the domain requested.
You can control that using one specific HTTP header called 'X-Frame-Options' (see https://developer.mozilla.org/es/docs/Web/HTTP/Headers/X-Frame-Options).
So you can configure your website to allow iframes from 'mydomain.com' using this HTTP header.
X-Frame-Options: ALLOW-FROM https://mydomain.com/This header could be controlled in your backend server o directly in your F5 with an iRule.
when HTTP_RESPONSE {
#X-Frame-Options
HTTP::header insert X-Frame-Options "ALLOW-FROM https://mydomain.com/"
}Regards,
Dario.
NimbostratusIt seems as though our backend server guys would rather us have our BIG-IP to make this work as oppose there servers. I have tried the iRule below. The distant end users reported that it did not work. I used our backend server's URL and our distant end user's URL and both was unsuccessful. Is this iRule below is all I need or am I missing other lines? Should the 1st line be HTTP_RESPONSE or HTTP_REQUEST?
- when HTTP_RESPONSE {
- #X-Frame-Options
- HTTP::header insert X-Frame-Options "ALLOW-FROM https://mydomain.com/"
- }
Is it recommended to use this iRule below?
- when HTTP_RESPONSE {
- HTTP::header replace X-Frame-Options "SAMEORIGIN"
- }
Lastly, do I need to modify a DB value in CLI or is that only for APM? Thank you so much!
