stackoom
  简体   繁体   中英

How to change X-Frame-Options" from DENY to SAMEORIGIN

 原文  2020-07-01 17:09:06       c#/ asp.net

Question

I'm working with ASP.NET. Due to security reasons I hadto set X-Frame-Options to DENY in Web.Config. But the site contains some iframes. So, I have to change the X-Frame-Options to SAMEORIGIN from time to time.

In the Page_PreRender event I have written the following code:

HttpContext.Current.Response.Headers.Remove("X-Frame-Options");
HttpContext.Current.Response.AppendHeader("X-Frame-Options", "SAMEORIGIN");
```

But I still get the DENY option from the web config.

Please, any ideas?

1 answers

solution1
 0 ACCPTED  2020-07-01 18:19:41

Have a look at this answer: https://stackoverflow.com/a/42168501/970074

Depending on your project, you'll likely want to look at another location to insert the "DENY" instead of in the web.config so that you can override it when necessary with "SAMEORIGIN". Action filters would be a good place to do this if you're using MVC.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to remove X-Frame-Options from the response X-Frame-Options: ALLOW-FROM HTTP and HTTPS ASP.Net Core: X-Frame-Options strange behavior Adding X-Frame-Options header to all pages in MVC 4 application ASP.NET MVC 5 not sending X-Frame-Options header by default VS2013 Cordova plugin and X-Frame-Options header issues with Azure websites Load denied by X-Frame-Options: websitename/Register does not permit cross-origin framing in MVC5 X-Frame-Options bug in ASP.NET MVC (.NET 4.5.1) Removing X-Frame-Options being added automatically only in Login page How can i enable X Frame options in asp.net
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM