Posted on 5:21 AM by Softminer and filed under ASP.NET
By default, ASP.NET sets X-Frame-Options: SAMEORIGIN, which does not allow other websites to embed your pages in an IFRAME. To disable that, you need to set:
System.Web.Helpers.AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
But then make sure this value is set to SAMEORIGIN in web.config:
<add name="X-Frame-Options" value="SAMEORIGIN" />
The X-Frame-Options header may contain one of three tokens:
DENY
SAMEORIGIN
ALLOW-FROM origin
read more: https://bit.ly/2pGxI1n
You can allow a specific website with:
X-Frame-Options: ALLOW-FROM https://yourwebsite.com
but newer browsers also look at this value in the header:
Content-Security-Policy: frame-ancestors 'self' https://yourwebsite.com
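The steps above combined in Global.asax.cs, as an added example that is not the post author's code: it suppresses the helper's header, leaves X-Frame-Options: SAMEORIGIN to web.config, and sends a frame-ancestors policy built from a validated allowlist. The class name MvcApplication, the TrustedFramers list and the BuildFrameAncestors helper are assumptions made for illustration.

```csharp
// Global.asax.cs (added example; names below are illustrative assumptions)
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Helpers;

public class MvcApplication : HttpApplication
{
    // Assumption: the only external site allowed to frame us (placeholder origin).
    private static readonly string[] TrustedFramers = { "https://yourwebsite.com" };
    private static string _frameAncestors;

    protected void Application_Start()
    {
        // The anti-forgery helper adds X-Frame-Options: SAMEORIGIN on its own.
        // Suppress it so the header is set in one place only (web.config).
        AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
        _frameAncestors = BuildFrameAncestors(TrustedFramers);
    }

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        // Browsers that understand frame-ancestors apply it instead of
        // X-Frame-Options; older ones fall back to SAMEORIGIN from web.config.
        Response.AddHeader("Content-Security-Policy", _frameAncestors);
    }

    // Builds "frame-ancestors 'self' <origin> ..." and rejects anything that is
    // not a bare https origin, so a typo or wildcard cannot widen the policy.
    internal static string BuildFrameAncestors(string[] origins)
    {
        var parts = new List<string> { "frame-ancestors", "'self'" };
        foreach (var origin in origins)
        {
            Uri uri;
            bool ok = Uri.TryCreate(origin, UriKind.Absolute, out uri)
                      && uri.Scheme == Uri.UriSchemeHttps
                      && uri.AbsolutePath == "/"
                      && uri.Query.Length == 0
                      && uri.UserInfo.Length == 0
                      && !origin.Contains("*");
            if (!ok)
                throw new ArgumentException("Not a bare https origin: " + origin);
            parts.Add(uri.GetLeftPart(UriPartial.Authority)); // scheme://host[:port]
        }
        return string.Join(" ", parts);
    }
}
```

With the placeholder allowlist, every response carries Content-Security-Policy: frame-ancestors 'self' https://yourwebsite.com, and a malformed entry fails at application start instead of silently shipping a broader policy.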