X-FRAME-OPTIONS Response Header

Published by Shinigami on

I hadn’t previously realised this but MVC adds an X-FRAME-OPTIONS: SAMEORIGIN header to site page responses as part of a security measure to prevent sites running in iframes. These can be removed in ASP.NET 5 applications by modifying the relevant option in Startup.cs.

public void ConfigureServices(IServiceCollection services)
{
	// Suppres X-FRAME-OPTIONS header to allow loading in iframe
	services.AddAntiforgery(options => {
		options.SuppressXFrameOptionsHeader = true;
	});
	
	// Add framework services.
	services.AddMvc();
}
Categories: Programming
Tags:

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

Programming

Updating openssh

We run regular security scans against our resources using AppCheck and one of the issues it’s recently picked up is that we’re using an older version of openssh on our Ubuntu virtual machines which has Read more…

Programming

Cloning a Private Repository in a GitHub Workflow

When working with GitHub workflows it’s possible to checkout different repositories to the one that the workflows are present in. However if the source repository is private you’ll get a not found error when trying Read more…

Programming

Installing Multiple .NET Versions in GitHub Actions

I’m currently creating GitHub Action pipelines for building and testing multiple solutions within a single large monorepo. These solutions target a variety of .NET versions so in order to allow them all to run in Read more…