24-Nov-2021 09:42
I have an iRule as follows:
when HTTP_RESPONSE {
if {!([HTTP::header exists "X-Frame-Options"])} {
HTTP::header insert X-Frame-Options "DENY"
}
}
I expected the following page was blocked.
<html>
<iframe src="https://abc.org/wfc/logon" title="description"></iframe>
<head></head>
<body>
</body>
</html>
But it was not blocked.
What did I miss here ?
thanks !!
24-Nov-2021 17:01
After more reading, it seems the x-frame-options prevents the page in my server from being loaded by someone else, right ?
If I loaded another page in the same server within iframe, the page should be loaded ?
When I tested it, the page was still loaded within <iframe> page </iframe>. Is this supposed to be?