Replace X-Frame-Options value

ottleydamian · ‎17-Aug-2020

I need help with my syntax because it is not identifying and changing the text/value as expected. The response header in question is:

X-FRAME-OPTIONS: ALLOW-FROM https://my.identitymanager.com:8443

My iRule to replace the text/value is:

if { [HTTP::header value X-FRAME-OPTIONS] contains "identitymanager" }{
    HTTP::header replace X-FRAME-OPTIONS [string map -nocase [list my.identitymanager.com biz.identitymanager.com] [HTTP::header value X-FRAME-OPTIONS]] }

I also tried:

[HTTP::header value X-FRAME-OPTIONS: ALLOW-FROM]

But that is an illegal argument

Dario_Garrido · ‎17-Aug-2020

Hello Ottley.

Try this instead

HTTP::header replace X-Frame-Options "ALLOW-FROM https://biz.identitymanager.com:8443"

Regards,

Dario.

Regards,
Dario.

Dario_Garrido · ‎18-Aug-2020

Or even this:

set XFO [string map -nocase {"my.identitymanager.com" "biz.identitymanager.com"} [HTTP::header value X-FRAME-OPTIONS]]
HTTP::header remove X-FRAME-OPTIONS
HTTP::header insert X-Frame-Options $XFO

Regards,

Dario.

Regards,
Dario.

ottleydamian · ‎20-Aug-2020

Unfortunately, neither of these solutions worked. I tried just the remove, to test and that didn't work either. It seems that we are not catching X-Frame-Options, not sure if ALLOW-FROM is considered part of the header. Suggestions? I will keep trying different things

Dario_Garrido · ‎20-Aug-2020

Hello Ottley.

I suspect that you executing those command in a wrong event.

My iRule:

when HTTP_RESPONSE {
    HTTP::header replace X-Frame-Options "ALLOW-FROM https://biz.identitymanager.com:8443"
}

My F5 response:

< Date: Fri, 21 Aug 2020 06:09:59 GMT
< Server: Apache/2.2.15 (CentOS)
< X-Powered-By: PHP/5.3.3
< Content-Length: 7830
< Connection: close
< Content-Type: text/html; charset=UTF-8
< X-Frame-Options: ALLOW-FROM https://biz.identitymanager.com:8443

Regards,

Dario.

Regards,
Dario.

DevCentral

Replace X-Frame-Options value

MFA required on DevCentral