
[HOWTO] Allow SMF 2.0.x to run in an iframe

Started by vbgamer45, January 11, 2019, 12:02:05 PM


vbgamer45

In this simple guide we will show how to allow SMF 2.0.x to run in an iframe.

Open your index.php in the root directory of your forum.

Find

header('X-Frame-Options: SAMEORIGIN');

Change to

// header('X-Frame-Options: SAMEORIGIN');
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro
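
A narrower alternative to commenting the header out, given as an added example that is not part of the original post or of SMF: it keeps framing blocked except for named parent sites by sending a Content-Security-Policy `frame-ancestors` directive. The function name `frame_policy_headers` and the origin `portal.example.com` are hypothetical, and the code is assumed to run where the original header() call was, before any output.

```php
<?php
// Added example: hypothetical helper, not part of SMF.
// Assumption: the forum is embedded only by the origins listed in $allowed.

/**
 * Build the response headers that restrict which pages may frame this one.
 * Returns an array of header lines; throws on anything that is not a plain origin.
 */
function frame_policy_headers(array $allowedParents): array
{
    $sources = ["'self'"];
    foreach ($allowedParents as $origin) {
        $p = parse_url($origin);
        // Accept only https://host[:port]: no path (not even a trailing slash),
        // query, fragment, userinfo or wildcard, so nothing can widen or
        // inject into the policy string.
        if ($p === false
            || ($p['scheme'] ?? '') !== 'https'
            || empty($p['host'])
            || isset($p['path']) || isset($p['query']) || isset($p['fragment'])
            || isset($p['user']) || isset($p['pass'])
            || !preg_match('/^[a-z0-9.-]+$/i', $p['host'])) {
            throw new InvalidArgumentException("Not a plain HTTPS origin: $origin");
        }
        $sources[] = 'https://' . strtolower($p['host'])
            . (isset($p['port']) ? ':' . $p['port'] : '');
    }
    $headers = ['Content-Security-Policy: frame-ancestors ' . implode(' ', $sources)];
    // X-Frame-Options cannot name an external origin (ALLOW-FROM is obsolete
    // and ignored by current browsers), so send it only when no external
    // parent is allowed and the policy is equivalent to SAMEORIGIN.
    if (count($sources) === 1) {
        $headers[] = 'X-Frame-Options: SAMEORIGIN';
    }
    return $headers;
}

// Constructed sample value; replace with the site that embeds the forum.
$allowed = ['https://portal.example.com'];

foreach (frame_policy_headers($allowed) as $line) {
    header($line);
}
```

With an empty `$allowed` list the output matches the original SAMEORIGIN behaviour, so the list itself becomes the only thing to review when a new embedding site is added.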

live627


Aleksi "Lex" Kilpinen

There are risks, but there are also valid use cases.
A Finnish Project Manager (Support Specialist)
 Happily running multiple SMF 2.x installations.
  Fooling around with i7-10700 @ 2,90GHz-4.80GHz / 16Gb / RTX-2070 Super / 3840x2160 / Win 10 x64


How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Kindred

Personally, I think that iframes are outdated at this point... with the various SSI functions from pretty much every site, why would you open yourself to the potential security issues?
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Masterd

Quote from: live627 on January 11, 2019, 10:31:57 PM
Wouldn't this then open the door to clickjacking?

It most certainly would. Iframes are an outdated and risky concept at this point.

spiros


vbgamer45


spiros

Well, we all live and learn, took me a couple of hours searching to sort it out...

Douglas

While I know this is an older topic, is there a variation of this available for SMF 2.1xx?
Doug Hazard
* Full Stack (Web) Developer for The Catholic Diocese of Richmond
(20+ Diocesan sites, 130+ Church sites & 24 School sites)
* Sports Photographer and Media Personality
* CFB Historian
* Tech Admin for one 1M+ post, one 2M+ post and one 10M+ post sites (last two are powered by multiple servers)
* WordPress Developer (Junkie / Guru / Maven / whatever)

Illori

It is a feature in the admin panel. I don't recall where but you can configure this directly there.

lurkalot

Quote from: Illori on December 30, 2019, 07:17:36 AM
It is a feature in the admin panel. I don't recall where but you can configure this directly there.

In Admin > Maintenance > Server Settings > Security:  Frame Security Options

Or just type the word frame into the admin search box.  ;)

Douglas


Douglas

December 30, 2019, 09:44:46 AM #12 Last Edit: December 30, 2019, 10:06:11 AM by Douglas
Okay, since y'all helped me, I've worked through a process to allow the iframed page title to be fed back to the parent page's page title... I want to post this as a tip and trick, of course, but can't seem to create a new topic for this (and, yes, I've read the instructions).

I'll have to make this post somewhere else, come back here and link to it, and let the SMF team have at it.

Posted... just to ensure I'm complying with the Tips and Tricks guidelines, I've posted it on one of the SMF Friends private boards.

This will allow the SMF Team to review and decide to approve/reject. :)
