I have a problem with the X-Frame-Options HTTP header.
I use MVC 5, so the SAMEORIGIN option is automatically added to the headers of HTTP responses.
I still want to use the default option and I don't want to use the line below in Application_Start:
AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
I would like to remove the X-Frame-Options header in some particular action at the controller level with code like this:
base.HttpContext.Response.Headers.Remove("X-Frame-Options");
However, it doesn't work.
Do you know how I can remove it?
Any help will be appreciated.
1 solution
#1
5
After investigating the problem, I noticed that it is possible to create an ActionFilter which overrides the OnResultExecuted method, where I can remove that HTTP header:
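using System.Web.Mvc;

// Action filter applied per action or controller; leaves the global default untouched.
public class AllowIframeFromUriAttribute : ActionFilterAttribute
{
    // Runs after the result (view) has executed, so the header is already present here.
    public override void OnResultExecuted(ResultExecutedContext filterContext)
    {
        //...
        filterContext.HttpContext.Response.Headers.Remove("X-Frame-Options");
        base.OnResultExecuted(filterContext);
    }
}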
It works so I'd like to share the solution.
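Removing the header outright leaves the action frameable by any origin. As an added example (not the answerer's code), the filter below drops X-Frame-Options and sets a Content-Security-Policy frame-ancestors policy limited to one trusted origin instead. The attribute name, the https-only rule and https://partner.example are assumptions, and it assumes the application sets no other Content-Security-Policy header that this would overwrite.

```csharp
using System;
using System.Web.Mvc;

// Added example, hypothetical name. Usage on an action:
//   [AllowFramingFromOrigin("https://partner.example")]   // constructed sample origin
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class AllowFramingFromOriginAttribute : ActionFilterAttribute
{
    private readonly string _origin;

    public AllowFramingFromOriginAttribute(string origin)
    {
        Uri uri;
        // Accept only a bare https origin: no path, query, fragment or user info.
        // Anything else fails closed instead of emitting a malformed policy.
        if (!Uri.TryCreate(origin, UriKind.Absolute, out uri) ||
            uri.Scheme != Uri.UriSchemeHttps ||
            uri.PathAndQuery != "/" ||
            !string.IsNullOrEmpty(uri.Fragment) ||
            !string.IsNullOrEmpty(uri.UserInfo))
        {
            throw new ArgumentException(
                "Expected an https origin such as https://partner.example", "origin");
        }

        // Normalised scheme://host[:port], safe to concatenate into the policy.
        _origin = uri.GetLeftPart(UriPartial.Authority);
    }

    public override void OnResultExecuted(ResultExecutedContext filterContext)
    {
        var response = filterContext.HttpContext.Response;

        // Same step as the answer above: drop the SAMEORIGIN default for this action.
        response.Headers.Remove("X-Frame-Options");

        // Replace it with a narrower allowance: this site plus one trusted origin.
        // Assumption: no other CSP header is set; merge directives if one is.
        response.Headers["Content-Security-Policy"] =
            "frame-ancestors 'self' " + _origin;

        base.OnResultExecuted(filterContext);
    }
}
```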