Forum Discussion
ottleydamian
Cirrus
CirrusReplace X-Frame-Options value
I need help with my syntax because it is not identifying and changing the text/value as expected. The response header in question is:
X-FRAME-OPTIONS: ALLOW-FROM https://my.identitymanager.com:8443
My iRule to replace the text/value is:
if { [HTTP::header value X-FRAME-OPTIONS] contains "identitymanager" }{
HTTP::header replace X-FRAME-OPTIONS [string map -nocase [list my.identitymanager.com biz.identitymanager.com] [HTTP::header value X-FRAME-OPTIONS]] }
I also tried:
[HTTP::header value X-FRAME-OPTIONS: ALLOW-FROM]
But that is an illegal argument
Hello Ottley.
Try this instead
HTTP::header replace X-Frame-Options "ALLOW-FROM https://biz.identitymanager.com:8443"Regards,
Dario.
Or even this:
set XFO [string map -nocase {"my.identitymanager.com" "biz.identitymanager.com"} [HTTP::header value X-FRAME-OPTIONS]] HTTP::header remove X-FRAME-OPTIONS HTTP::header insert X-Frame-Options $XFORegards,
Dario.
ottleydamianUnfortunately, neither of these solutions worked. I tried just the remove, to test and that didn't work either. It seems that we are not catching X-Frame-Options, not sure if ALLOW-FROM is considered part of the header. Suggestions? I will keep trying different things
Hello Ottley.
I suspect that you executing those command in a wrong event.
My iRule:
when HTTP_RESPONSE { HTTP::header replace X-Frame-Options "ALLOW-FROM https://biz.identitymanager.com:8443" }My F5 response:
< Date: Fri, 21 Aug 2020 06:09:59 GMT < Server: Apache/2.2.15 (CentOS) < X-Powered-By: PHP/5.3.3 < Content-Length: 7830 < Connection: close < Content-Type: text/html; charset=UTF-8 < X-Frame-Options: ALLOW-FROM https://biz.identitymanager.com:8443Regards,
Dario.
