Is it possible to use internal http proxy from an iFrame App

[devexter]

I want to include internally hosted web services in mashroom via the iFrame App.

Unfortunately a number of them set the X-Frame-Options header to DENY preventing rendering in an iFrame in the browser.

As I don't own/manage those services, I am looking at removing that response header by accessing the URL's via a proxy. I can configure an external proxy but wondered if I can do this using the internal proxy via config only.

Does the built-in mashroom http-proxy intercept all calls to external URL's e.g. in this case from an iFrame App?

Do I just add a custom http-proxy-interceptor to remove the X-Frame-Options header from any HTTP response.

[nonblocking]

No, the iFrame App is very simple and cannot use the proxy. So, it is currently not possible to expose "internal" web sites or ones that actively refuse to be integrated via x-frame headers.

I mean in theory you could create a simple web-app plugin that uses MashroomHttpProxyService to forward all request to your internal web site and then use an interceptor plugin to remove the x-frame headers. But this would only work if the target site only uses relative paths for assets and link targets which is veeeery unlikely.

[cakriwut]

Adding to @nonblocking comments, such plugins that need to perform following:

1. rewrite response body to convert absolute path to relative path
2. intercept x-frame header in the request

Sounds to me like Nginx reverse proxy with X-Frame-Options and rewrite body using substitution filter.

1. https://docs.nginx.com/nginx/admin-guide/dynamic-modules/http-substitutions-filter/
2. https://docs.nginx.com/nginx-management-suite/acm/how-to/policies/proxy-response-headers/