Refused to display in a frame because it set X-Frame-Options to sameorigin
edx
506
Points
24
Posts
|
You cannot display a part of websites inside an iFrame. Reason being that they send an "X-Frame-Options: SAMEORIGIN" response header. This option prevents the browser from displaying iFrames that are not hosted on the same domain as the parent page. This is a security feature to prevent click-jacking. Some details at How to show https://stackoverflow.com/questions/8700636/how-to-show-google-com-in-an-iframe in an iframe?
Posted On:
20-Jun-2017 04:09
|
Jak
908
Points
132
Posts
|
Since asp.net mvc is adding 'X-Frame-Options' in header to prevent clickjacking under anti-forgery. You need to remove it first. You can do this By adding following line in Gobal.asax.cs in 'Application_Start()'
Posted On:
20-Jun-2017 05:57
|
Rahul M...
4916
Points
27
Posts
|
I think, it is dangerous to allow all page of the site to show in iframe for cross-origin. I worried by the possibility of using clickjacking for getting user credintial and other confidential data. I think, you should create filter and add it to the specific action you want to show in iframe as:
May you can allow to the specific referrer as:
And you it as on action
Posted On:
20-Jun-2017 06:13
great.... - xyan 16-Sep-2017 03:26
|
clover ...
10
Points
0
Posts
|
yes its working for me.Thank you
Posted On:
12-Mar-2020 05:46
It works to me. - Raj 25-Oct-2023 03:24
|
CHINNAK...
10
Points
0
Posts
|
I have Followed as like You but not working to me . can you help me?
Posted On:
11-Aug-2022 06:53
Hope you got solution. thanks. - Brian 20-Mar-2024 22:58
|