Simple Machines Community Forum

Customizing SMF => Tips and Tricks => Topic started by: vbgamer45 on January 11, 2019, 12:02:05 PM

Title: [HOWTO] Allow SMF 2.0.x to run in an iframe
Post by: vbgamer45 on January 11, 2019, 12:02:05 PM
In this simple guide we will show how to allow SMF 2.0.x to run in an iframe.

Open your index.php in the root directory of your forum

Find
Code:
header('X-Frame-Options: SAMEORIGIN');
Change to
Code:
// header('X-Frame-Options: SAMEORIGIN');
Title: Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
Post by: live627 on January 11, 2019, 10:31:57 PM
Wouldn't this then open the door to clickjacking (https://www.owasp.org/index.php/Clickjacking)?
Title: Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
Post by: Aleksi "Lex" Kilpinen on January 12, 2019, 02:22:07 AM
There are risks, but there are also valid use cases.
Title: Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
Post by: Kindred on January 21, 2019, 10:49:34 AM
Personally, I think that iframes are outdated at this point... With the various SSI functions from pretty much every site, why would you open yourself to the potential security issues?
Title: Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
Post by: Masterd on February 02, 2019, 12:34:35 PM
Quote from: live627
Wouldn't this then open the door to clickjacking (https://www.owasp.org/index.php/Clickjacking)?

It most certainly would. Iframes are an outdated and risky concept at this point.
Title: Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
Post by: spiros on April 08, 2019, 01:00:43 PM
Even better, define extra sites with Content-Security-Policy: frame-ancestors

https://www.simplemachines.org/community/index.php?topic=566974.msg4015060#msg4015060
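
One way to apply the frame-ancestors suggestion in place of the commented-out X-Frame-Options line, as an added example (not SMF's own code and not taken from the linked post). The function names and the portal.example.com origin are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not SMF code. The origin passed at the bottom is a constructed placeholder.

/**
 * Build a Content-Security-Policy frame-ancestors value from an allow-list.
 * Only bare https://host[:port] origins are accepted, so a typo, a wildcard
 * or a stray ";" cannot silently widen the policy or add another directive.
 */
function build_frame_ancestors(array $allowedOrigins): string
{
    $sources = ["'self'"]; // the forum may always frame itself
    foreach ($allowedOrigins as $origin) {
        $parts = parse_url($origin);
        if ($parts === false
            || !isset($parts['scheme'], $parts['host'])
            || strtolower($parts['scheme']) !== 'https'
            || isset($parts['path']) || isset($parts['query'])
            || isset($parts['fragment']) || isset($parts['user'])
            || !preg_match('/^[a-z0-9.-]+$/i', $parts['host'])) {
            throw new InvalidArgumentException("Not a plain https origin: $origin");
        }
        $src = 'https://' . strtolower($parts['host']);
        if (isset($parts['port'])) {
            $src .= ':' . $parts['port'];
        }
        $sources[] = $src;
    }
    return 'frame-ancestors ' . implode(' ', array_unique($sources));
}

/**
 * Send the framing policy. With an empty allow-list the result is the same
 * restriction the original SAMEORIGIN header gave, so that header is kept
 * as well for browsers that do not understand frame-ancestors.
 */
function send_framing_headers(array $allowedOrigins): void
{
    header('Content-Security-Policy: ' . build_frame_ancestors($allowedOrigins));
    if ($allowedOrigins === []) {
        header('X-Frame-Options: SAMEORIGIN');
    }
}

// Only the listed site (and the forum itself) may embed the forum in a frame.
send_framing_headers(['https://portal.example.com']);
```

An origin written with a trailing slash or a path is rejected by the check above, because frame-ancestors matches on scheme, host and port only.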
Title: Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
Post by: vbgamer45 on April 08, 2019, 02:12:37 PM
Learned something new.
Title: Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
Post by: spiros on April 09, 2019, 09:23:42 AM
Well, we all live and learn, took me a couple of hours searching to sort it out...