[SOLVED] Funnelback in an iFrame + X-Frame-Options

rklose 2017-05-01 06:55:29 UTC #1

My problem is as follows.

We have a search box on multiple sites which does a search on funnelback, but in an iframe. The problem being the X-Frame-Options defaulting to DENY.

So in the collections.cfg for the meta collection, I set the X-Frame-Options header to one of the site, and it works great (in Chrome, not in FF - FF need a different header if I remember correctly). So since it worked in Chrome, I added an X-Framer-Options header for each of the sites. BUT, you cannot have multiple X-Frame-Options headers.

I tried using the Custom Servlet Filter Hook script to dynamically write the header based on the "referer" URL, but the default DENY head still exists as well as the new header. So this doesn't work.

Has anyone else had this issue and have a cross browser solution?

Regards,
Rob

gtran 2017-05-01 23:52:25 UTC #2

The only option I can really thing think of is using the custom form headers; https://docs.funnelback.com/15.10/more/extra/ui_modern_form_headers_collection_cfg.html
ui.modern.form.simple.headers.1=X-Frame-Options: ALLOW-FROM https://<url1> ui.modern.form.simple_2.headers.2=X-Frame-Options: ALLOW-FROM https://<url2> ui.modern.form.simple_3.headers.3=X-Frame-Options: ALLOW-FROM https://<url3>
If you want all the forms to actually behave the same, you can use the include directive in freemarker.

e.g. In simple_2.ftl insert the following:
<#include "simple.view.ftl">

It's not an ideal solution, but may be enough for your needs.

rklose 2017-05-02 00:50:03 UTC #3

Muchas Gracius Gioan, all sorted (with minor changes to the sample code).

ui.modern.form.simple.headers.1=X-Powered-By: Funnelback enterprise search
ui.modern.form.simple.headers.2=Access-Control-Allow-Origin: *
ui.modern.form.simple.headers.count=2

ui.modern.form.simple_1.headers.1=X-Powered-By: Funnelback enterprise search
ui.modern.form.simple_1.headers.2=Access-Control-Allow-Origin: *
ui.modern.form.simple_1.headers.3=X-Frame-Options: ALLOW-FROM https://
ui.modern.form.simple_1.headers.count=3

ui.modern.form.simple_2.headers.1=X-Powered-By: Funnelback enterprise search
ui.modern.form.simple_2.headers.2=Access-Control-Allow-Origin: *
ui.modern.form.simple_2.headers.3=X-Frame-Options: ALLOW-FROM https://
ui.modern.form.simple_2.headers.count=3