Forum Discussion

Altostratus

Aug 30, 2015

Clickjacking protection using X-FRAME-OPTIONS: ALLOW-FROM URI

Hello Folks, Can anyone help by sharing a snippet of iRule by inserting XFRAME-OPTIONS:ALLOW-FROM (single / multiple URI)? The requirement is to allow certain Frames from different applicat...

Nimbostratus

Dec 10, 2015

Hi Darshan,

Note that in X-Frame-Options header Allow-From token does not support wildcards or listing of multiple origins and it is not supported by couple of browsers as well, you can use the below irule where you can mention the URL from where you want to make it accessible

 when HTTP_RESPONSE {
   HTTP::header replace X-Frame-Options "ALLOW-FROM http://www.mysite.com"
}

Forum Discussion

Clickjacking protection using X-FRAME-OPTIONS: ALLOW-FROM URI

Recent Discussions

CWE-20: Improper Input Validation

Errors in setup of BIGIP-NEXT CM VE on KVM

SEEK ADVICE FROM WEB BAILIFF CONTRACTOR ON STOLEN CRYPTO

AS3 Deployments (shared objects)

rSeries and tenant upgrades

Related Content

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Removing x-frame-options header from response when using APM

Set x-frames-options header values depending on URI

Beyond REST: Protecting GraphQL

Adding Security HTTP Headers with an iRule for HSTS, XSS, Clickjacking and Content Web Protection