Allow others to iframe my site
Solution 1
In your golbal.asax.cs
set X-Frame-Options
to AllowAll
:
protected void Application_PreSendRequestHeaders()
{
Response.Headers.Remove("X-Frame-Options");
Response.AddHeader("X-Frame-Options", "AllowAll");
}
Solution 2
Since your website is the frame target, you would make all the changes to your website. As you will see below, this is quite simple.
Option 1 - Modify your web application's web.config file Remove the X-Frame-Options custom header
Before:
<system.webServer>
...
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="AllowAll" />
</customHeaders>
</httpProtocol>
...
</system.webServer>
After
<system.webServer>
...
<httpProtocol>
<customHeaders/>
</httpProtocol>
...
</system.webServer>
Option 2 - Log onto the web server and access IIS Manager
- Open Internet Information Services (IIS) Manager.
- In the Connections pane on the left side, expand the Sites folder and select the site that you want to protect.
- Double-click the HTTP Response Headers icon in the feature list in the middle.
- Select X-Frame-Options from the list
- In the Actions pane on the right side, click Remove.
- Click OK to save your changes.
Vlado Pandžić
Senior .NET software engineer @ Rimac Technology Github: https://github.com/vladop/ Blog: https://www.vladopandzic.com/ Tecnologies: C# .NET Javascript ASP.NET MVC jQuery HTML AngularJS React.js ASP.NET Web API CSS SQL ASP.NET C Delete Design Patterns ASP.NET Web Forms Web Development AJAX Web Applications Android Development HTML 5 SEO Bootstrap jQuery Mobile Backbone.js Mobile Application Development Git Entity Framework Microsoft SQL Server Front-end Development TypeScript
Updated on February 24, 2020Comments
-
Vlado Pandžić about 4 years
If others tries to iframe my site they get error "Refused to display in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN' ". Do they have to change something, or I, or both? I found there are options for X-Frame-Options :SAMEORIGIN,DENY,and allow only one site. Configuration :IIS8, ASP.NET MVC. Are there any global settings to allow others to iframe my site?