Since fix MWS_8.2_SP1_Fix14, mws is returning the http header X-FRAME-OPTIONS with value set to SAMEORIGIN. Does anyone know to change this header?


That is controlled by the response header rules.

You can configure them by logging in as sysadmin and opening this page:
Administrative Folders > Administration Dashboard > User Interface > Manage Response Header Rules


We don’t have that option “Manage Response Header Rules”! Is there anything we should install?


Hmm. Yes you are right, I just checked what was in MWS_8.2_SP1_Fix14 and it appears to be missing the component that would have created that page. Specifically components\admin\ui\wm_ruleadmin.pdp

I would recommend opening up a new support request to correct that oversight and provide you a fix.

I’ve done that yesterday and while I don’t get the fix, is there any way I could (manually) disable the rules?

Thanks a lot,

I’m not certain this will work on that version of MWS, but you might be able to navigate directly to the folder that contains the rules and edit them from there.

For example:

  1. login as sysadmin
  2. open the ‘System > Response Header Rules’ folder.
  3. Click the rule in the folder list to edit it.

It doesn’t :(, it fails to load the portlet…
Do you know where MWS saves the enabled checkbox? Database, other? Yes, I really need to remove this header :slight_smile:

Ok. One last thing you can try is to disable the rules from an xmlImport.xml file

For example, create an xmlImport.xml file with content like the below and copy it to the /deploy folder to get it processed:

    <!-- response header rules -->
    <CONTEXT alias="responseheaders.rule.folder">
            <wm_xt_portalrules name="Login Page Deny Non Same-Orgin Framing"
        <wm_xt_portalrules name="Login Page Deny All Framing"

Last but not least. It worked!
Eric, you’re the greatest :slight_smile:
Thank you very much.