iFrames not loading when ESP is enabled on a Virtual Service
Information
| Summary: |
This article will outline a workaround solution when using ESP on the Virtual Service (VS) and iFrames on the real server's web application. |
| Environment: |
Product: LoadMaster Version: Any Platform: Any Application: iFrame Web Applications |
| Question/Problem Description: |
Sometimes iFrame won't load successfully, displaying a blank webpage, when ESP is enabled on the virtual service. |
| Steps to Reproduce: | |
| Error Message: | |
| Defect Number: | |
| Enhancement Number: | |
| Cause: |
ESP can add additional headers to the request upon completing successful authentication. One of these request headers is called X-Frame-Options, which can cause iFrames to not load successfully. The headers that ESP can add are as follows: X-Content-Type-Options: nosniff |
| Resolution: | |
| Workaround: |
The workaround is to delete this X-Frame-Options header using a content-switching rule. It is necessary to ensure that this content rule triggers after ESP, so placing this rule on a lower Sub Virtual Service (SubVS) or nested Virtual Service may be required. The syntax for creating the content rule can be found below:
Rule Name: Delete_X_Frame_Options
This rule must then be assigned on the SubVS or nested VS under Advanced Properties > HTTP Header Modifications > Request Rules. SAML ESP must be enabled on the level above this to work, so ESP enabled on the main VS and this content rule assigned on the SubVS would be appropriate. |
| .Notes: |
Content Rules: https://support.kemptechnologies.com/hc/en-us/articles/14337456680973-Content-Rules ESP: https://support.kemptechnologies.com/hc/en-us/articles/14337457839757-Edge-Security-Pack-ESP- |