Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

iFrames not loading when ESP is enabled on a Virtual Service

 

Information

 

Summary:

This article will outline a workaround solution when using ESP on the Virtual Service (VS) and iFrames on the real server's web application.

Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application: iFrame Web Applications

Question/Problem Description:

Sometimes iFrame won't load successfully, displaying a blank webpage, when ESP is enabled on the virtual service.

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:

ESP can add additional headers to the request upon completing successful authentication. One of these request headers is called X-Frame-Options, which can cause iFrames to not load successfully. The headers that ESP can add are as follows:

X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Resolution:  
Workaround:

The workaround is to delete this X-Frame-Options header using a content-switching rule. It is necessary to ensure that this content rule triggers after ESP, so placing this rule on a lower Sub Virtual Service (SubVS) or nested Virtual Service may be required. The syntax for creating the content rule can be found below:

 

Rule Name: Delete_X_Frame_Options
Rule Type: Delete Header
Header Field to be Deleted: X-Frame-Options

 

This rule must then be assigned on the SubVS or nested VS under Advanced Properties > HTTP Header Modifications > Request Rules. SAML ESP must be enabled on the level above this to work, so ESP enabled on the main VS and this content rule assigned on the SubVS would be appropriate.

.Notes:

Content Rules:

https://support.kemptechnologies.com/hc/en-us/articles/14337456680973-Content-Rules

ESP:

https://support.kemptechnologies.com/hc/en-us/articles/14337457839757-Edge-Security-Pack-ESP-


Was this article helpful?
0 out of 0 found this helpful

Comments