Doubt about X-Frame-Options

Asked

Viewed 1,577 times

2

Yesterday I had a problem with the X-Frame-Options, as can be seen in this post. However, I added the solution, and it worked perfectly.
I’ve added the solution, but I have no idea what it does, and I’d like an explanation.

The solution added in my Global.asax was:

protected void Application_PreSendRequestHeaders()
{
    Response.Headers.Remove("X-Frame-Options");
     Response.AddHeader("X-Frame-Options", "AllowAll");

}

My question now is:

What is X-Frame-Options?

How it is used, and why it causes the type of problem demonstrated?

asp.net-mvc-5 iframe

1 answer

2


X-Frame-Options serves to indicate to the browser if and when your site may appear within a <iframe> from another site. The documentation is here.

A priori, configuration is done on the server.

You can even put a specific behavior to the X-Frame-Options (as in the case of your application), what is ok, since disabling this header item can cause your site to appear inside others in an unwanted way.

Browser other questions tagged asp.net-mvc-5 iframe

You are not signed in. Login or sign up in order to post.