Blocked by X-Frame-Options Policy message on web pages
I have FF configured in Strict security mode. It works really well, but one thing I find annoying is that FF displays these notifications (Blocked by X-Frame-Options Policy) on the web pages. Is there a way to ask FF not to show them?
cheers
All Replies (8)
How to disable the X-FRAME-OPTIONS response header:
- Login to the Configuration Center and go to the corresponding Mapping. Select tab Response Action.
- Disable the action "(default) Add X-Frame-Options header"
- Activate the new configuration.
When you suggest disabling the setting, what is the corresponding Mapping you are talking about? When you say Configuration Center, do you mean the about:config screen? If that is correct, what property should I be searching for (I am assuming this is what you are referring to as Mapping)?
FYI, I don't want to completely disable this security feature; rather, I don't want FF to show this "Black Looking Message" on the screen.
Hello markster,
It is possible to globally enable/disable the X-Frame-Options action in the Configuration Center under Application Firewall > Default Action and/or overwrite this setting on mappings if desired.
To disable the action on the Mapping do the following:
- Login to the Configuration Center and go to the corresponding Mapping. Select tab Response Action.
- Disable the action "(default) Add X-Frame-Options header"
- Activate the new configuration.
To change the action on the Mapping do the following:
- Login to the Configuration Center and go to the corresponding Mapping. Select tab Response Action.
- Click on the icon on the right side of "(default) Add X-Frame-Options header" action.
- Now, under Custom Action a copy of this action should be available.
- Rename it to, for example, "(customized) Add X-Frame-Options header"
- Edit the Header Value as preferred.
- Make sure the default action is disabled and the customized action is enabled.
- Activate the new configuration.
I hope this will help you.
This is the first time I have heard about "Configuration Center". What is the configuration center you are referring to?
I want to prevent sites from loading in X-Frames, and this is working just fine; the FF browser shows the following on the page - see attached. I want to configure FF not to show this on web pages.
Hello markster,
Please follow these steps and instructions:
I hope this resolves your problem easily:
The X-Frame-Options HTTP response header can be used to indicate whether a browser should be allowed to render a page or not. The header declares the framing policy with values DENY (will prevent any framing), SAMEORIGIN (will prevent framing by external sites), or ALLOW-FROM origin (will allow framing only by the specified site). Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.
Airlock WAF also provides this HTTP response header to the client to increase the frame security. By default the value is set to the following: X-FRAME-OPTIONS: SAMEORIGIN
It is possible to globally enable/disable the X-Frame-Options action in the Configuration Center under Application Firewall > Default Action and/or overwrite this setting on mappings if desired.
To disable the action on the Mapping do the following:
- Login to the Configuration Center and go to the corresponding Mapping. Select tab Response Action.
- Disable the action "(default) Add X-Frame-Options header"
- Activate the new configuration.
To change the action on the Mapping do the following:
- Login to the Configuration Center and go to the corresponding Mapping. Select tab Response Action.
- Click on the icon on the right side of "(default) Add X-Frame-Options header" action.
- Now, under Custom Action a copy of this action should be available.
- Rename it to, for example, "(customized) Add X-Frame-Options header"
- Edit the Header Value as preferred.
- Make sure the default action is disabled and the customized action is enabled.
- Activate the new configuration.
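The three header values described in the reply above, worked through as an added example that is not part of the original thread or of any product mentioned in it. The function name `framingDecision` and the example.com URLs are constructed for illustration; the example assumes only the direct parent frame is checked and that a header with an unrecognized value is ignored.

```javascript
// Added example: decides whether a page may be framed, following the
// DENY / SAMEORIGIN / ALLOW-FROM description in the reply above.
// Assumptions: only the direct parent is compared; ALLOW-FROM is honored
// as described there, although current Firefox and Chrome ignore that value.
function originOf(url) {
  return new URL(url).origin; // scheme + host + port
}

function framingDecision(headerValue, pageUrl, parentUrl) {
  // No header means the site states no framing policy.
  if (headerValue === undefined || headerValue === null) {
    return { allowed: true, reason: "no X-Frame-Options header" };
  }
  const parts = headerValue.trim().split(/\s+/);
  const directive = (parts[0] || "").toUpperCase(); // value is case-insensitive
  const parent = originOf(parentUrl);

  switch (directive) {
    case "DENY":
      return { allowed: false, reason: "DENY prevents any framing" };
    case "SAMEORIGIN":
      return originOf(pageUrl) === parent
        ? { allowed: true, reason: "parent has the same origin" }
        : { allowed: false, reason: "SAMEORIGIN prevents framing by external sites" };
    case "ALLOW-FROM": {
      let permitted = null;
      try {
        permitted = originOf(parts[1]);
      } catch (e) {
        // Missing or malformed origin: this example blocks (a choice made here).
        return { allowed: false, reason: "ALLOW-FROM without a valid origin" };
      }
      return permitted === parent
        ? { allowed: true, reason: "parent matches the ALLOW-FROM origin" }
        : { allowed: false, reason: "parent is not the ALLOW-FROM origin" };
    }
    default:
      return { allowed: true, reason: "unrecognized value, header ignored" };
  }
}

// Constructed sample: a login page framed by an unrelated site.
const sample = framingDecision(
  "SAMEORIGIN", "https://app.example.com/login", "https://other.example.net/");
console.log(sample.allowed, "-", sample.reason);
```

A blocked result here corresponds to the "Blocked by X-Frame-Options Policy" placeholder Firefox renders in place of the frame.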
Thank you, but how do I access Configuration Center? I don't see any links in Firefox to Configuration Center under Help. I tried querying this forum for "Configuration Center" and found nothing about this and how to access this function in the browser.