Hi,
Since fix MWS_8.2_SP1_Fix14, mws is returning the http header X-FRAME-OPTIONS with value set to SAMEORIGIN. Does anyone know to change this header?
Thanks
That is controlled by the response header rules.
You can configure them by logging in as sysadmin and opening this page:
Administrative Folders > Administration Dashboard > User Interface > Manage Response Header Rules
Hi,
We don’t have that option “Manage Response Header Rules”! Is there anything we should install?
Thanks
Bruno
Hmm. Yes you are right, I just checked what was in MWS_8.2_SP1_Fix14 and it appears to be missing the component that would have created that page. Specifically components\admin\ui\wm_ruleadmin.pdp
I would recommend opening up a new support request to correct that oversight and provide you a fix.
I’ve done that yesterday and while I don’t get the fix, is there any way I could (manually) disable the rules?
Thanks a lot,
Bruno
I’m not certain this will work on that version of MWS, but you might be able to navigate directly to the folder that contains the rules and edit them from there.
For example:
- login as sysadmin
- open the ‘System > Response Header Rules’ folder.
- Click the rule in the folder list to edit it.
It doesn’t :(, it fails to load the portlet…
Do you know where MWS saves the enabled checkbox? Database, other? Yes, I really need to remove this header 
Ok. One last thing you can try is to disable the rules from an xmlImport.xml file
For example, create an xmlImport.xml file with content like the below and copy it to the /deploy folder to get it processed:
<CONFIG>
<!-- response header rules -->
<CONTEXT alias="responseheaders.rule.folder">
<wm_xt_portalrules name="Login Page Deny Non Same-Orgin Framing"
isEnabled="false"
/>
<wm_xt_portalrules name="Login Page Deny All Framing"
isEnabled="false"
/>
</CONTEXT>
</CONFIG>Last but not least. It worked!
Eric, you’re the greatest
Thank you very much.