I hadn’t previously realised this but MVC adds an X-FRAME-OPTIONS: SAMEORIGIN header to site page responses as part of a security measure to prevent sites running in iframes. These can be removed in ASP.NET 5 applications by modifying the relevant option in Startup.cs.

public void ConfigureServices(IServiceCollection services)
{
	// Suppres X-FRAME-OPTIONS header to allow loading in iframe
	services.AddAntiforgery(options => {
		options.SuppressXFrameOptionsHeader = true;
	});
	
	// Add framework services.
	services.AddMvc();
}

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published.