Forum Discussion
CirrocumulusRemoving x-frame-options header from response when using APM
Hey everyone!
We have an application that uses iframe to load another site that´s apm protected, but the default x-frame-options deny blocks this. Anyone have any ideas on how to bypass this (withouth globally disabling this feature)?
I´ve tried several irules at different events to remove the header, but without any progress..
This should do the trick.
when CLIENT_ACCEPTED { ACCESS::restrict_irule_events disable } when HTTP_RESPONSE_RELEASE { HTTP::header remove "x-frame-options" }The apm policy fires always if it is attached to the vs, unless you add an ACCESS::disable anywhere.
Why ACCESS::restrict_irule_events is required: https://clouddocs.f5.com/api/irules/ACCESS__restrict_irule_events.html
5 Replies
- Juergen_Mang
MVP
This should do the trick.
when CLIENT_ACCEPTED { ACCESS::restrict_irule_events disable } when HTTP_RESPONSE_RELEASE { HTTP::header remove "x-frame-options" }
kimhenriksenWill give it a try, just have to wait for the user to test again 🙂
- kimhenriksen
That´s a negative on that, your irule was almost identical to mine .. except for the first event. But what i added that, the apm policy doesnt fire at all... When i access the vip there is nothing.
- Juergen_Mang
The apm policy fires always if it is attached to the vs, unless you add an ACCESS::disable anywhere.
Why ACCESS::restrict_irule_events is required: https://clouddocs.f5.com/api/irules/ACCESS__restrict_irule_events.html
