In this simple guide we will show how to allow SMF 2.0.x to run in an iframe.
Open your index.php in the root directory of your forum.
Find
header('X-Frame-Options: SAMEORIGIN');
Change to
// header('X-Frame-Options: SAMEORIGIN');
Wouldn't this then open the door to clickjacking (https://www.owasp.org/index.php/Clickjacking)?
There are risks, but there are also valid use cases.
Personally, I think that iframes are outdated at this point... With the various SSI functions from pretty much every site, why would you open yourself to the potential security issues?
Quote from: live627 on January 11, 2019, 10:31:57 PM
Wouldn't this then open the door to clickjacking (https://www.owasp.org/index.php/Clickjacking)?
It most certainly would. Iframes are an outdated and risky concept at this point.
Even better, define extra sites with Content-Security-Policy: frame-ancestors
https://www.simplemachines.org/community/index.php?topic=566974.msg4015060#msg4015060
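What the frame-ancestors suggestion above could look like in place of commenting out the header, as an added example that is not part of the original thread or SMF's own code. The function names and the origin https://portal.example are hypothetical.

```php
<?php
// Added example, not SMF code. Function names and origins are hypothetical.

/**
 * Build a frame-ancestors directive from an allowlist of origins.
 * Rejects anything that is not a bare https origin, so a typo or a
 * wildcard cannot silently widen who may frame the forum.
 */
function build_frame_ancestors(array $allowedOrigins): string
{
    $sources = ["'self'"];
    foreach ($allowedOrigins as $origin) {
        $parts = parse_url($origin);
        if ($parts === false
            || ($parts['scheme'] ?? '') !== 'https'
            || empty($parts['host'])
            || strpos($parts['host'], '*') !== false
            || isset($parts['path']) || isset($parts['query'])
            || isset($parts['fragment']) || isset($parts['user'])) {
            throw new InvalidArgumentException("Not a bare https origin: $origin");
        }
        $source = 'https://' . strtolower($parts['host']);
        if (isset($parts['port'])) {
            $source .= ':' . $parts['port'];
        }
        $sources[] = $source;
    }
    return 'frame-ancestors ' . implode(' ', array_unique($sources));
}

function send_frame_headers(array $allowedOrigins): void
{
    // Browsers that support frame-ancestors enforce it and ignore X-Frame-Options.
    header('Content-Security-Policy: ' . build_frame_ancestors($allowedOrigins));
    // Older browsers fall back to this header and refuse cross-site framing.
    header('X-Frame-Options: SAMEORIGIN');
}

// Constructed sample value: the one external site allowed to embed the forum.
send_frame_headers(['https://portal.example']);
```

By default header() replaces an earlier header of the same name, so if the site already sends a Content-Security-Policy, add the frame-ancestors directive to that policy instead of sending a second one.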
Learned something new.
Well, we all live and learn, took me a couple of hours searching to sort it out...
While I know this is an older topic, is there a variation of this available for SMF 2.1xx?
It is a feature in the admin panel. I don't recall where but you can configure this directly there.
Quote from: Illori on December 30, 2019, 07:17:36 AM
It is a feature in the admin panel. I don't recall where but you can configure this directly there.
In Admin > Maintenance > Server Settings > Security: Frame Security Options
Or just type the word frame into the admin search box. ;)
I heart y'all! Thank you, thank you!
Okay, since y'all helped me, I've worked through a process to allow the iframed page title to be fed back to the parent page's page title... I want to post this as a tip and trick, of course, but can't seem to create a new topic for this (and, yes, I've read the instructions).
I'll have to make this post somewhere else, come back here and link to it, and let the SMF team have at it.
Posted... just to ensure I'm complying with the Tips and Tricks guidelines, I've posted it on one of the SMF Friends private boards.
This will allow the SMF Team to review and decide to approve/reject. :)