Login/Register
How to remove X-Frame-Options from the response
Asked Answered
Solved c#asp.net-mvchttp-headersx-frame-options
L

1

6

I have a problem with X-Frame-Options http header.

I use MVC 5, so SAMEORIGIN option is automatically added in Headers for Http Responses.

I still want to use default option and I don't want to use below line in Application_Start:

AntiForgeryConfig.SuppressXFrameOptionsHeader = true;

I would like to remove X-Frame-Options header in some particular action on controller level with code like that:

base.HttpContext.Response.Headers.Remove("X-Frame-Options");

However, it doesn't work.

Do you know how can I remove it?

Any help will be appreciated.

Longrange answered 7/9, 2015 at 10:35 Comment(0)
L
7

After investigating the problem, I noticed that it is possible to create an ActionFilter which overrides OnResultExecuted method, where I can remove that http header:

public class AllowIframeFromUriAttribute : ActionFilterAttribute
{
    public override void OnResultExecuted(ResultExecutedContext filterContext)
    {
        //...
        filterContext.HttpContext.Response.Headers.Remove("X-Frame-Options");
        base.OnResultExecuted(filterContext);
    }
}

It works so I'd like to share the solution.

Longrange answered 7/9, 2015 at 14:53 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.