Removing x-frame-options header from response when using APM
We have an application that uses iframe to load another site that´s apm protected, but the default x-frame-options deny blocks this. Anyone have any ideas on how to bypass this (withouth globally disabling this feature)?
I´ve tried several irules at different events to remove the header, but without any progress..
The apm policy fires always if it is attached to the vs, unless you add an ACCESS::disable anywhere.
Why ACCESS::restrict_irule_events is required: https://clouddocs.f5.com/api/irules/ACCESS__restrict_irule_events.html