Allow others to iframe my site

Solution 1

In your Global.asax.cs, set X-Frame-Options to AllowAll:

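    protected void Application_PreSendRequestHeaders()
    {
        // Drop any X-Frame-Options header already on the response,
        // then send the value below in its place.
        Response.Headers.Remove("X-Frame-Options");
        Response.AddHeader("X-Frame-Options", "AllowAll");
    }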

Solution 2

Since your website is the frame target, you would make all the changes to your website. As you will see below, this is quite simple.

Option 1 - Modify your web application's web.config file: remove the X-Frame-Options custom header

Before:

<system.webServer>
...
<httpProtocol>
  <customHeaders>
    <add name="X-Frame-Options" value="AllowAll" />
  </customHeaders>
 </httpProtocol>
...
</system.webServer>

After:

<system.webServer>
...
<httpProtocol>
  <customHeaders/>
 </httpProtocol>
...
</system.webServer>

Option 2 - Log onto the web server and access IIS Manager

  1. Open Internet Information Services (IIS) Manager.
  2. In the Connections pane on the left side, expand the Sites folder and select the site that you want to protect.
  3. Double-click the HTTP Response Headers icon in the feature list in the middle.
  4. Select X-Frame-Options from the list.
  5. In the Actions pane on the right side, click Remove.
  6. Click OK to save your changes.
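
To show why embedders see the SAMEORIGIN error and what each change above does, here is an added example (not part of the original answers): a simplified JavaScript model of the framing check a browser applies to response headers. It looks only at the direct parent frame and exact-origin `frame-ancestors` sources; the `.example` origins used with it are constructed.

```javascript
// Added example: simplified model of a browser's framing check (direct parent only).
// Header values and origins passed in are constructed sample data.

// Return the frame-ancestors source list from a CSP header value, or null if absent.
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// Decide whether a page served from pageOrigin with these response headers
// may be displayed in a frame whose parent document is at embedderOrigin.
function framingDecision(headers, pageOrigin, embedderOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  // 1. CSP frame-ancestors, when present, decides; X-Frame-Options is then ignored.
  const sources = frameAncestors(h["content-security-policy"]);
  if (sources !== null) {
    const ok = sources.some((s) =>
      s === "*" ||
      (s.toLowerCase() === "'self'" && embedderOrigin === pageOrigin) ||
      s.toLowerCase() === embedderOrigin.toLowerCase());
    return { allowed: ok, by: "frame-ancestors" };
  }

  // 2. Otherwise fall back to X-Frame-Options.
  const xfo = (h["x-frame-options"] || "").trim().toLowerCase();
  if (xfo === "deny") return { allowed: false, by: "X-Frame-Options" };
  if (xfo === "sameorigin")
    return { allowed: embedderOrigin === pageOrigin, by: "X-Frame-Options" };

  // 3. Header absent (removed via web.config or IIS Manager) or a value that
  //    restricts nothing, such as "AllowAll": any site may frame the page.
  return { allowed: true, by: "no restriction" };
}
```

With the header removed or set to AllowAll, every origin passes the check; a `Content-Security-Policy: frame-ancestors` list is the way to allow only named sites.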
Author: Vlado Pandžić

Updated on February 24, 2020

Comments

  • Vlado Pandžić about 4 years

    If others try to iframe my site they get the error "Refused to display in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'". Do they have to change something, or I, or both? I found there are options for X-Frame-Options: SAMEORIGIN, DENY, and allow only one site. Configuration: IIS8, ASP.NET MVC. Are there any global settings to allow others to iframe my site?