Advertisement:

Author Topic: [HOWTO] Allow SMF 2.0.x to run in an iframe  (Read 3146 times)

Offline vbgamer45

  • Customizer
  • SMF Super Hero
  • *
  • Posts: 21,836
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
[HOWTO] Allow SMF 2.0.x to run in an iframe
« on: January 11, 2019, 12:02:05 PM »
In this simple guide we will show how to allow SMF 2.0.x to run in an iframe.

Open your index.php in the root directory of your forum

Find
Code: [Select]
header('X-Frame-Options: SAMEORIGIN');
Change to
Code: [Select]
// header('X-Frame-Options: SAMEORIGIN');
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline live627

  • Development Contributor
  • SMF Hero
  • *
  • Posts: 5,626
  • Gender: Male
    • live627 on Facebook
    • live627 on GitHub
    • live627 on LinkedIn
    • @live627 on Twitter
    • livemods
Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
« Reply #1 on: January 11, 2019, 10:31:57 PM »
Wouldn't this then open the door to clickjacking?

Offline Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 18,757
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • LexArma on GitHub
    • aleksi-kilpinen on LinkedIn
    • There's No Place Like 127.0.0.1
Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
« Reply #2 on: January 12, 2019, 02:22:07 AM »
There are risks, but there are also valid usecases.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.
  Fooling around with an i7 990X @ 3,47Ghz / 12Gb / Win 10 x64 / 3840x2160


How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Online Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,743
  • Gender: Male
    • Kindred-999 on GitHub
Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
« Reply #3 on: January 21, 2019, 10:49:34 AM »
personally, I think that iframes are outdated at this point.... with the various SSI functions from pretty much every site, why would you open yourself to the potential security issues?
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Masterd

  • SMF Hero
  • ******
  • Posts: 3,924
  • Gender: Male
Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
« Reply #4 on: February 02, 2019, 12:34:35 PM »
Wouldn't this then open the door to clickjacking?

It most certainly would. Iframes are an outdated and risky concept at this point.

Offline spiros

  • Language Moderator
  • SMF Hero
  • *
  • Posts: 1,796
  • Gender: Male
  • A different point of view
    • spiros.doikas on Facebook
    • doikas on LinkedIn
    • @greektranslator on Twitter
    • Greek Translation
Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
« Reply #5 on: April 08, 2019, 01:00:43 PM »
Even better, define extra sites with Content-Security-Policy: frame-ancestors

https://www.simplemachines.org/community/index.php?topic=566974.msg4015060#msg4015060

Offline vbgamer45

  • Customizer
  • SMF Super Hero
  • *
  • Posts: 21,836
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
« Reply #6 on: April 08, 2019, 02:12:37 PM »
Learned something new.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline spiros

  • Language Moderator
  • SMF Hero
  • *
  • Posts: 1,796
  • Gender: Male
  • A different point of view
    • spiros.doikas on Facebook
    • doikas on LinkedIn
    • @greektranslator on Twitter
    • Greek Translation
Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
« Reply #7 on: April 09, 2019, 09:23:42 AM »
Well, we all live and learn, took me a couple of hours searching to sort it out...

Offline Douglas

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 3,100
  • Gender: Male
  • Non sibi sed patriae
    • @BearlyDoug on Twitter
    • TheFan.net
Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
« Reply #8 on: December 30, 2019, 06:17:49 AM »
While I know this is an older topic, is there a variation of this available for SMF 2.1xx?
Doug Hazard
* Full Stack (Web) Developer for The Catholic Diocese of Richmond
(20+ Diocesan sites, 130+ Church sites & 24 School sites)
* Sports Photographer and Media Personality
* CFB Historian
* Tech Admin for one 1M+ post, one 2M+ post and one 10M+ post sites (last two are powered by multiple servers)
* WordPress Developer (Junkie)

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 51,939
Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
« Reply #9 on: December 30, 2019, 07:17:36 AM »
it is a feature in the admin panel. I don't recall where but you can configure this directly there.

Offline lurkalot

  • Support Specialist
  • SMF Hero
  • *
  • Posts: 1,572
  • Gender: Male
  • Tinyportal Support
    • guitaristguild on Facebook
    • Tinyportal on GitHub
    • @GuitaristGuild on Twitter
    • Guitarist Guild
Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
« Reply #10 on: December 30, 2019, 07:30:58 AM »
it is a feature in the admin panel. I don't recall where but you can configure this directly there.

In Admin > Maintenance > Server Settings > Security:  Frame Security Options

Or Just type the word frame into the admin search box.  ;)

Offline Douglas

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 3,100
  • Gender: Male
  • Non sibi sed patriae
    • @BearlyDoug on Twitter
    • TheFan.net
Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
« Reply #11 on: December 30, 2019, 08:06:48 AM »
I heart y'all!  Thank you, thank you!
Doug Hazard
* Full Stack (Web) Developer for The Catholic Diocese of Richmond
(20+ Diocesan sites, 130+ Church sites & 24 School sites)
* Sports Photographer and Media Personality
* CFB Historian
* Tech Admin for one 1M+ post, one 2M+ post and one 10M+ post sites (last two are powered by multiple servers)
* WordPress Developer (Junkie)

Offline Douglas

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 3,100
  • Gender: Male
  • Non sibi sed patriae
    • @BearlyDoug on Twitter
    • TheFan.net
Re: [HOWTO] Allow SMF 2.0.x to run in an iframe
« Reply #12 on: December 30, 2019, 09:44:46 AM »
Okay, since y'all helped me, I've worked through a process to allow the iframed page title to be fed back to the parent page's page title... I want to post this as a tip and trick, of course, but can't seem to create a new topic for this (and, yes, I've read the instructions).

I'll have to make this post somewhere else, come back here and link to it, and let the SMF team have at it.

Posted... just to ensure I'm complying with the Tips and Tricks guidelines, I've posted it on one of the SMF Friends private board.

This will allow the SMF Team to review and decide to approve/reject. :)
« Last Edit: December 30, 2019, 10:06:11 AM by Douglas »
Doug Hazard
* Full Stack (Web) Developer for The Catholic Diocese of Richmond
(20+ Diocesan sites, 130+ Church sites & 24 School sites)
* Sports Photographer and Media Personality
* CFB Historian
* Tech Admin for one 1M+ post, one 2M+ post and one 10M+ post sites (last two are powered by multiple servers)
* WordPress Developer (Junkie)