Forum Discussion
Seth_Cooper
Jun 10, 2015Employee
Hi Alex,
Here is an iRule workaround to use this for several sites.
when CLIENT_ACCEPTED {
ACCESS::restrict_irule_events disable
}
when HTTP_REQUEST {
if { [ACCESS::session sid] == "" || ![ACCESS::session exists -state_allow] } {
session does not exist in allow state, continue, user is logging in now
} else {
session already exists and is allowed, don't do anything, this will be the 99.9% case.
return
}
if { [HTTP::uri] contains "renderer" } {
return
}
if { [info exists frame_referer] } {
return
}
set frame_referer [HTTP::header "Referer"]
}
when HTTP_RESPONSE_RELEASE {
Update below to match your desired TLD
if { [info exists frame_referer] && $frame_referer matches_regex {UPDATE_THIS} } {
HTTP::header replace "X-Frame-Options" "ALLOW-FROM $frame_referer"
}
}
Hope this helps!
You need to have the db variable set to "allow_from"
Seth