[英]How to remove X-Frame-Options from the response
I have a problem with X-Frame-Options http header. 我有X-Frame-Options http标头的问题。
I use MVC 5, so SAMEORIGIN option is automatically added in Headers for Http Responses. 我使用MVC 5,因此SAMEORIGIN选项会自动添加到Haders响应的Headers中。
I still want to use default option and I don't want to use below line in Application_Start: 我仍然想使用默认选项,我不想在Application_Start中使用下面的行:
AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
I would like to remove X-Frame-Options header in some particular action on controller level with code like that: 我想在控制器级别的某些特定操作中删除X-Frame-Options标头,代码如下:
base.HttpContext.Response.Headers.Remove("X-Frame-Options");
However, it doesn't work. 但是,它不起作用。
Do you know how can I remove it? 你知道我该怎么删除它?
Any help will be appreciated. 任何帮助将不胜感激。
After investigating the problem, I noticed that it is possible to create an ActionFilter which overrides OnResultExecuted method, where I can remove that http header: 在调查问题之后,我注意到可以创建一个ActionFilter来覆盖OnResultExecuted方法,在那里我可以删除那个http头:
public class AllowIframeFromUriAttribute : ActionFilterAttribute
{
public override void OnResultExecuted(ResultExecutedContext filterContext)
{
//...
filterContext.HttpContext.Response.Headers.Remove("X-Frame-Options");
base.OnResultExecuted(filterContext);
}
}
It works so I'd like to share the solution. 它有效,所以我想分享解决方案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.