Forum Discussion

kimhenriksen's avatar
kimhenriksen
Icon for Cirrostratus rankCirrostratus
Jun 16, 2023

Removing x-frame-options header from response when using APM

Hey everyone!

We have an application that uses iframe to load another site that´s apm protected, but the default x-frame-options deny blocks this. Anyone have any ideas on how to bypass this (withouth globally disabling this feature)?

I´ve tried several irules at different events to remove the header, but without any progress..

 

  • This should do the trick.

    when CLIENT_ACCEPTED {
        ACCESS::restrict_irule_events disable
    }
    
    when HTTP_RESPONSE_RELEASE {
        HTTP::header remove "x-frame-options"
    }