I have a problem with the X-Frame-Options HTTP header.
I use MVC 5, so the SAMEORIGIN option is automatically added to the headers of HTTP responses.
I still want to use the default option, and I don't want to use the line below in Application_Start:
    AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
I would like to remove the X-Frame-Options header in some particular action at the controller level, with code like this:
    base.HttpContext.Response.Headers.Remove("X-Frame-Options");
However, it doesn't work.
Do you know how I can remove it?
Any help will be appreciated.
You can remove the HTTP header X-Frame-Options: SAMEORIGIN from WordPress by removing the send_frame_options_header function from the admin_init and login_init hooks. For example, you can add the following to your theme's functions.
X-Frame-Bypass is a Web Component, specifically a Customized Built-in Element, which extends an IFrame to bypass the X-Frame-Options: deny/sameorigin response header. Normally such headers prevent embedding a web page in an <iframe> element, but X-Frame-Bypass is using a CORS proxy to allow this.
After investigating the problem, I noticed that it is possible to create an ActionFilter which overrides the OnResultExecuted method, where I can remove that HTTP header:
    using System.Web.Mvc;

    public class AllowIframeFromUriAttribute : ActionFilterAttribute
    {
        // Runs after the action result (the view) has executed,
        // so the header has already been added and can be removed here.
        public override void OnResultExecuted(ResultExecutedContext filterContext)
        {
            //...
            filterContext.HttpContext.Response.Headers.Remove("X-Frame-Options");
            base.OnResultExecuted(filterContext);
        }
    }
It works, so I'd like to share the solution.
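Removing the header outright leaves the action frameable by any site. The filter below is an added example, not part of the original answer: it removes X-Frame-Options for one action and replaces it with a Content-Security-Policy frame-ancestors directive limited to a single validated origin. AllowFramingFromAttribute, WidgetController and https://partner.example are hypothetical names chosen for illustration, and the code assumes the same MVC 5 pipeline behaviour the answer relies on.

```csharp
using System;
using System.Web.Mvc;

// Added example (hypothetical filter, not from the original answer).
public sealed class AllowFramingFromAttribute : ActionFilterAttribute
{
    private readonly string _origin;

    public AllowFramingFromAttribute(string allowedOrigin)
    {
        Uri uri;
        // Accept only an absolute https URL; reject relative or non-https values.
        if (!Uri.TryCreate(allowedOrigin, UriKind.Absolute, out uri) ||
            uri.Scheme != Uri.UriSchemeHttps)
        {
            throw new ArgumentException(
                "Expected an absolute https:// origin.", "allowedOrigin");
        }
        // Keep scheme://host[:port] only, so no user info, path or query
        // can end up inside the header value.
        _origin = uri.GetComponents(UriComponents.SchemeAndServer,
                                    UriFormat.UriEscaped);
    }

    public override void OnResultExecuted(ResultExecutedContext filterContext)
    {
        var response = filterContext.HttpContext.Response;
        // At this point the result has executed, so the SAMEORIGIN header
        // is already present and can be removed (as in the answer above).
        response.Headers.Remove("X-Frame-Options");
        // Replace it with an allow-list: this site plus one trusted origin.
        // A second CSP header can only tighten an existing policy.
        response.Headers.Add("Content-Security-Policy",
                             "frame-ancestors 'self' " + _origin);
        base.OnResultExecuted(filterContext);
    }
}

public class WidgetController : Controller
{
    // Constructed sample origin; every other action keeps SAMEORIGIN.
    [AllowFramingFrom("https://partner.example")]
    public ActionResult Embed()
    {
        return View();
    }
}
```

Browsers that support frame-ancestors enforce the allow-list; older browsers that only understand X-Frame-Options will see no framing restriction on this action.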