Forum Discussion

kimhenriksen's avatar
kimhenriksen
Icon for Cirrostratus rankCirrostratus
Jun 16, 2023

Removing x-frame-options header from response when using APM

Hey everyone! We have an application that uses iframe to load another site that´s apm protected, but the default x-frame-options deny blocks this. Anyone have any ideas on how to bypass this (withou...
application delivery
BIG-IP Access Policy Manager (APM)
headers
security
  • Juergen_Mang's avatar
    Juergen_Mang
    Jun 19, 2023

    This should do the trick.

    when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}

when HTTP_RESPONSE_RELEASE {
    HTTP::header remove "x-frame-options"
}

     

Juergen_Mang's avatar
Juergen_Mang
Icon for MVP rankMVP

This should do the trick.

when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
}

when HTTP_RESPONSE_RELEASE {
    HTTP::header remove "x-frame-options"
}

 

kimhenriksen's avatar
kimhenriksen
Icon for Cirrostratus rankCirrostratus
Jun 19, 2023

Will give it a try, just have to wait for the user to test again 🙂