Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

TCL error on a iRule

Hi we have the following iRule to add X-Frame-Options header. Which is being done perfectly. But from LTM log we are getting spammed with the following message.

Any idea?

when HTTP_RESPONSE {
  #if { $iframeurl != 1 } { HTTP::header replace X-Frame-Options "SAMEORIGIN" }
  HTTP::header replace X-Frame-Options "SAMEORIGIN"
  set myValues [HTTP::cookie names]
  foreach mycookies $myValues {
      #log local0. "Cookie Name: $mycookies being secured."
    if { [HTTP::cookie version $mycookies] != 1 } {
      set ckval [HTTP::cookie value $mycookies]
      set ckpath [HTTP::cookie path $mycookies]
      HTTP::cookie remove $mycookies
      HTTP::cookie insert name $mycookies value $ckval path $ckpath version 1
    }
    HTTP::cookie secure $mycookies enable
    HTTP::cookie httponly $mycookies enable
  }
}
err tmm[7870]: 01220001:3: TCL error: /Common/eCom_set_secure_httpOnly  - Operation not supported (line 2)     invoked from within "HTTP::header replace X-Frame-Options "SAMEORIGIN""
0
Rate this Question
Comments on this Question
Comment made 11-Sep-2014 by Joe Pruitt 6272
Just thinking off the top of my head, but I'm not sure if this error occurs if the header doesn't exist. I can't recall if the replace command will add the header if it doesn't exist. You might toss in a "header exists" check in there and use a "header insert" if it doesn't. Not sure if that will fix it, but it's worth a try.
1

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Try this:

    when HTTP_RESPONSE {
  #if { $iframeurl != 1 } { HTTP::header replace "X-Frame-Options" "SAMEORIGIN" }
  HTTP::header replace "X-Frame-Options" "SAMEORIGIN"
  set myValues [HTTP::cookie names]
  foreach mycookies $myValues {
      #log local0. "Cookie Name: $mycookies being secured."
    if { [HTTP::cookie version $mycookies] != 1 } {
      set ckval [HTTP::cookie value $mycookies]
      set ckpath [HTTP::cookie path $mycookies]
      HTTP::cookie remove $mycookies
      HTTP::cookie insert name $mycookies value $ckval path $ckpath version 1
    }
    HTTP::cookie secure $mycookies enable
    HTTP::cookie httponly $mycookies enable
  }
}

I"m not 100% certain that the quotes are needed, but all instances of it that i've seen in our iRules have had them.

Cheers

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

in TCL quotes are needed if the value you are passing has a space in it: i.e. "X FRAME Options"

in this case X-Frame-Options and "X-Frame-Options" would do the same thing.

HTH.

0