kimhenriksen
Jun 16, 2023Cirrostratus
Removing x-frame-options header from response when using APM
Hey everyone!
We have an application that uses iframe to load another site that´s apm protected, but the default x-frame-options deny blocks this. Anyone have any ideas on how to bypass this (withouth globally disabling this feature)?
I´ve tried several irules at different events to remove the header, but without any progress..
This should do the trick.
when CLIENT_ACCEPTED { ACCESS::restrict_irule_events disable } when HTTP_RESPONSE_RELEASE { HTTP::header remove "x-frame-options" }
The apm policy fires always if it is attached to the vs, unless you add an ACCESS::disable anywhere.
Why ACCESS::restrict_irule_events is required: https://clouddocs.f5.com/api/irules/ACCESS__restrict_irule_events.html