Disable Domino Web Site Content from being "Frameable" with an iFrame

Mindwatering Incorporated

Author: Tripp W Black

Created: 05/23/2017 at 01:24 PM

 

Category:
Domino Server Issues Troubleshooting
Web/HTTP

Issue:
Need to keep a Domino 8.5 or Domino 9 server's web content from being "frameable" within another page's Frames or iFrame (<frame> or <iframe> tags).

Solution:
Use a Web Site Rule document.
Note: To use Internet Site docs, your server must be using the Internet Sites view rather than its tab on the server document.

1. Navigate to the Internet Sites view and open the desired Web Site document
Domino Admin Client --> Configuration tab --> Web (on left) --> Internet Sites (view underneath) -->
Select document on right and double click to open.

2. Create the new rule document.


Web Site action dropdown --> Create Rule

3. In the new document, update as follows:
Description: No Embedded Frames (enter what makes sense to you)
Type of Rule: HTTP response headers
Incoming URL pattern: *
HTTP response codes: 200, 206
(Note: 100 series codes are info, 200 series are standard responses. IBM defaults it to 200 OK and 206 Partial, we left the default in this example.)
Expires header: Don't add header
Custom headers:
- Name: X-FRAME-OPTIONS
- Value: SAMEORIGIN
- Override checked
(Note: SAMEORIGIN means allow w/same domain, DENY means under no circumstances.)
Click Save & Close.



previous page