Forum Discussion
Removing x-frame-options header from response when using APM
Hey everyone!
We have an application that uses iframe to load another site that´s apm protected, but the default x-frame-options deny blocks this. Anyone have any ideas on how to bypass this (withouth globally disabling this feature)?
I´ve tried several irules at different events to remove the header, but without any progress..
This should do the trick.
when CLIENT_ACCEPTED { ACCESS::restrict_irule_events disable } when HTTP_RESPONSE_RELEASE { HTTP::header remove "x-frame-options" }
The apm policy fires always if it is attached to the vs, unless you add an ACCESS::disable anywhere.
Why ACCESS::restrict_irule_events is required: https://clouddocs.f5.com/api/irules/ACCESS__restrict_irule_events.html
This should do the trick.
when CLIENT_ACCEPTED { ACCESS::restrict_irule_events disable } when HTTP_RESPONSE_RELEASE { HTTP::header remove "x-frame-options" }
- kimhenriksenCirrostratus
That´s a negative on that, your irule was almost identical to mine .. except for the first event. But what i added that, the apm policy doesnt fire at all... When i access the vip there is nothing.
The apm policy fires always if it is attached to the vs, unless you add an ACCESS::disable anywhere.
Why ACCESS::restrict_irule_events is required: https://clouddocs.f5.com/api/irules/ACCESS__restrict_irule_events.html
- kimhenriksenCirrostratus
Will give it a try, just have to wait for the user to test again 🙂
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com