Cerothen 97 Posted June 12, 2015 Posted June 12, 2015 @@Luke A while ago I switched from using the reverse proxy to I frames since HLS doesn't seem to agree with reverse proxies. The I frames were to have a simple link for people to access the content without needing to remember the port number that the server resides on (I could have done a redirect but I liked making the port less obvious anyway. In the most recent beta Version 3.0.5641.1 I can confirm that I-Frames don't seem to work any more. Nothing has changed on my end other than updating the server to the latest beta as a result I am raising the issues to those with the skills to resolve it. Thanks,
Luke 42077 Posted June 12, 2015 Posted June 12, 2015 We added a response header that indicates the web client cannot be run in an iframe. I suppose it would have to become configurable
Cerothen 97 Posted June 12, 2015 Author Posted June 12, 2015 We added a response header that indicates the web client cannot be run in an iframe. I suppose it would have to become configurable That would be good. Was there any reason that there was the implied need for the blocking of Iframes to begin with?
gstuartj 40 Posted June 12, 2015 Posted June 12, 2015 (edited) That would be good. Was there any reason that there was the implied need for the blocking of Iframes to begin with? I don't know the actual reasoning, but one advantage in my mind is it's a basic change that can help prevent some CSRF/XSS attacks. Edited June 12, 2015 by gstuartj 3
Jambercob 12 Posted June 16, 2015 Posted June 16, 2015 No iFrames I guess from a security stand point this is a good change but I did prefer that my IP address not be directly shown. I hope in the future this will become configurable to allow iFrames if the user so wishes. Thanks for the direct answer on this matter Luke.
Luke 42077 Posted June 16, 2015 Posted June 16, 2015 there's a hidden config switch in the server config file you can toggle - DenyIFrameEmbedding
Untoten 306 Posted April 1, 2017 Posted April 1, 2017 there's a hidden config switch in the server config file you can toggle - DenyIFrameEmbedding Any chance/plans of adding this to the advanced configuration?
Luke 42077 Posted April 1, 2017 Posted April 1, 2017 No need because that header is no longer being applied anymore now that some browsers have deprecated it.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now