SuppressXFrameOptionsHeader = true not removing x-frame-origin
I have a .net MVC app running on 4.6.1 I am trying to make a page work in an iFrame. I read the best way to do this is to update SuppressXFrameOptionsHeader in Global.asax. So I did that:
System.Web.Helpers.AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
But I cannot for the life of me get rid of the X-Frame-Origin header. I do not have any x-frame-origin settings set in web.config.
I am following instructions found here to turn off the header on application_start, then add it back as a global filter, then remove it on a page by page basis. But I can't even get the first step to work where I remove the header from the entire application.
Is there anywhere else this could be set I am overlooking?
An alternative approach could be to use the fact that all modern browsers (that excludes IE11) will ignore X-Frame-Options if Content-Security-Policy frame-ancestors directive is set.
You can set the header "Content-Security-Policy: frame-ancestors 'self' <host(s) of sites to allow>;"
- is it posible to upload directly to remote server using SFTP on ASP.net MVC
- How to view ViewBag content while debugging in Visual Studio?
- row counter in mvc index view can't generate number
- How to shorten a long url in HTML <a> tag
- Adding a controller factory to ASP MVC
- What should the view file/directory structure be in ASP.NET MVC?
- Asp.Net Core - simplest possible forms authentication
- creating dynamic views at runtime asp.net mvc
- Login Page with ASP.NET Core (MVC)
- Adding Admins using Seed data Asp.net core
- How can I redirect to a view without a controller in an ASP.NET MVC application?
- How to make sure all *.cshtml files are set to be "Content" for Build Action
- How to fix the "system cannot find the file specified" error in ASP.NET MVC and SQL Server 2019
- How to redirect to a page from a non controller in ASP.NET MVC?
- "This type of page is not served." error when trying to browse on *.cshtml files
- Is there a faster way to tell which element is the problem when ModelState.IsValid is false other than iterating through every element?
- ASP.NET Core 8 MVC: Action can't have named route value other than id
- Using ASP.Net Core Identity in parallel with OpenIdConnect OAuth2
- SQL Selecting if "active" = true
- Can't convert from int to "classname"
- (ERROR 404) Can't find this page using @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
- login/logout issue for multiple IIS applications under the same site
- Loop through Viewbags with a variable name
- Why use @model IQueryable<> in the Razor View
- How can I transfer text in Ukrainian to microdata?
- How do I access HTML elements from ASP.NET MVC's .cshtml files?
- Redirect public ip to domain name
- Why does membership IsApproved set itself to false?
- ModelState.IsValid == false, why?
- Getting All Controllers and Actions names in C#