Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why ASP.NET Core application not loading in iframe in the same domain?

I have an ASP.NET Core MVC website that is the src of an IFRAME inside a portal. Both the portal an the .NETCore application have the same domain (eg. site.portal.domain / portal.domain).

When I enter the portal, I get a message in the browsers:

mysite.portal.domain refused to connect

(on Chrome), the other browser give different errors, like IE 11 gives:

This content cannot be displayed in a frame

On Chrome debug I found the message:

Refused to display 'https://site.portal.domain' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Any hints on how to solve that?

like image 606
staticdev Avatar asked Oct 23 '19 13:10

staticdev


People also ask

Can ASP NET core work with the .NET framework?

In order to run ASP.NET Core Apps on the . NET Framework it needs to only reference . Core NuGet packages which contains only the . NET Standard 2.0 builds.

Is .netcore a backend?

NET core, it is a daunting task. Both of them pave successful paths for apps. We hope you are aware of the fact that both of them are used in making a robust backend development.

What is the use of iframe in asp net?

An iframe is used to display a web page within a web page. Iframe is often used to also load third-party scripts in a page or other scripts.


1 Answers

X-FRAME-OPTIONS is used to protect against clickjacking attempts. If you own the application and want it be framed , you can skip the restrict :

services.AddAntiforgery(o => o.SuppressXFrameOptionsHeader = true);

By default, the X-Frame-Options header is generated with the value SAMEORIGIN. If this setting is 'true', the X-Frame-Options header will not be generated for the response.

like image 132
Nan Yu Avatar answered Oct 22 '22 12:10

Nan Yu