X-Frame-Options for REST

Discussion created by keithsandell on Jan 30, 2014
Latest reply on Apr 18, 2017 by wgsl
Server 1 - Cloud Web Server on domain x

Server 2 - Cloud AGS Server on domain y, running AGS 10.1 and Web Adaptor

REST works good.

A geoprocessing service creates a pdf report that can be accessed successfully via the jobs folder.

I want to be able to display the report in an iframe in a jQuery Dialog from the page hosted on domain x, but these pesky X-Frame-Options on domain y are killing me.

To 'Server 2/domain y' I've tried adding an "ALLOW" header to the HTTP Response Headers in IIS at the instance level, default level and web adaptor level, as well as modifying the web.config for the web adaptor, but I can't shake the 'SAMEORIGIN' header.

The best I end up with is 'SAMEORIGIN' and 'ALLOW', which falls back to 'DENY'.

Am I headed in the right direction, but just not going far enough? Or am I off track?

Not sure if I need to restart anything after any of the above changes either?