dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License

.net core - X-Frame-Options' to 'sameorigin' #17904

Closed ghost closed 4 years ago

ghost commented 4 years ago

Refused to display '/.pdf' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

I have been getting this error when I have displayed a PDF in an iframe or embed.

```html
<embed style="width:100%;" height="768" [src]="pageurl" type="application/pdf">
```

I have tried two suggestions, but the problem hasn't been resolved.

  1. In the ConfigureServices method in Startup.cs, I have added this code block:

     ```csharp
     services.AddAntiforgery(options =>
     {
         options.SuppressXFrameOptionsHeader = true;
     });
     ```

  2. In the Configure method in the same class, I have added this code block:

     ```csharp
     app.Use(async (context, next) =>
     {
         context.Response.Headers.Remove("X-Frame-Options");
         await next();
     });
     ```

Is there any solution for this error?

damienbod commented 4 years ago

You could add the header to your responses. If you use, for example, NWebSec, you could define the X-Frame-Header in the CSP policy and then it will work.

ghost commented 4 years ago

Thanks @damienbod
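
An added example, not code from this thread or from the ASP.NET Core project: the middleware in the question calls `Remove` before `next()`, so a header written later in the pipeline is untouched. This sketch instead adjusts headers in `Response.OnStarting` and, rather than dropping clickjacking protection site-wide, allows framing of one path prefix from an explicit allow-list via CSP `frame-ancestors`. The class name, the `/documents` prefix and the `https://portal.example.com` origin are assumed placeholders.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

// Hypothetical middleware (added example): relaxes framing only for responses
// under one path prefix, and only for an explicit list of embedding origins.
public class PdfFramingPolicyMiddleware
{
    // Assumed placeholders: adjust to the real PDF route and embedding origin.
    private static readonly PathString PdfPrefix = new PathString("/documents");
    private const string AllowedAncestors = "'self' https://portal.example.com";

    private readonly RequestDelegate _next;

    public PdfFramingPolicyMiddleware(RequestDelegate next) => _next = next;

    public Task Invoke(HttpContext context)
    {
        if (context.Request.Path.StartsWithSegments(PdfPrefix))
        {
            // OnStarting callbacks run just before the headers are sent, after
            // downstream components have had the chance to write theirs.
            context.Response.OnStarting(() =>
            {
                var headers = context.Response.Headers;

                // X-Frame-Options cannot express a list of allowed origins,
                // so it is replaced by an equivalent, narrower CSP directive.
                headers.Remove("X-Frame-Options");

                // Append adds a policy instead of overwriting one the app
                // already sends; browsers enforce all policies together.
                headers.Append("Content-Security-Policy",
                               "frame-ancestors " + AllowedAncestors);
                return Task.CompletedTask;
            });
        }

        // Every other path keeps whatever framing headers the app sets.
        return _next(context);
    }
}

public static class PdfFramingPolicyExtensions
{
    // Call early in Startup.Configure, before the components that serve PDFs.
    public static IApplicationBuilder UsePdfFramingPolicy(this IApplicationBuilder app)
        => app.UseMiddleware<PdfFramingPolicyMiddleware>();
}
```

If `X-Frame-Options` is added outside the application (for example by a reverse proxy or web server in front of it), no middleware can remove it and the change has to be made there.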