Softminer.Net: IFrame embeding browser permissions

Monday, March 26, 2018

IFrame embeding browser permissions

by default asp.net is setting x-frame-options: SAMEORIGIN which doesnt allow anywebsite to embed your IFRAME to disable that you need to

System.Web.Helpers.AntiForgeryConfig.SuppressXFrameOptionsHeader = true;

But the make sure to have this value to same origin in web.config

<add name="X-Frame-Options" value="SAMEORIGIN" />

The X-Frame-Options header may contain one of three tokens:

DENY

SAMEORIGIN

ALLOW-FROM origin

read more: https://bit.ly/2pGxI1n

you can allow a website by

X-Frame-Options: ALLOW-FROM https://yourwebsite.com

but new browser are also taking look at this value on header:

Content-Security-Policy: frame-ancestors 'self' https://yourwebsite.com

more about it

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

https://www.keycdn.com/blog/http-security-headers/

https://content-security-policy.com/

1 comment:

lucknowhotescorts.comJanuary 8, 2021 at 11:21 PM
I would like to say that you are an amazing blogger...You can inspired me to write blogs for
Escort service in Jaipur
Escort service in Jaipur
Escort service in Jaipur
Delhi escort service
Escort service in Guwahati
Escort service in Guwahati
Escort service in Guwahati
Escort service in Guwahati
Escort service in lucknow
Escort service in Aerocity
ReplyDelete
Replies