Wednesday, October 3, 2018

How to set the X-Frame-Options for a .NET application.

For older apps that have a Web.config, you can do this, per the linked source:

<configuration>
   <system.webServer>
      <!-- Added to every response IIS serves for this site -->
      <httpProtocol>
         <customHeaders>
            <add name="X-Frame-Options" value="DENY" />
         </customHeaders>
      </httpProtocol>
   </system.webServer>
</configuration>

For modern .NET Core apps, you can do this, per the linked source:

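public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
   // Register this before UseMvc so the header is set on every response.
   app.Use(async (context, next) =>
   {
      // Use the indexer rather than Add: Add throws if the header is already present.
      context.Response.Headers["X-Frame-Options"] = "SAMEORIGIN";
      await next();
   });

   app.UseMvc();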
}

The link immediately above also suggests that you can set a rule in an .htaccess file to establish the X-Frame-Options rules, like so:

Header append X-FRAME-OPTIONS "SAMEORIGIN"
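
A quick way to check that whichever of the settings above is deployed ends up as exactly one valid value, as an added example (not code from this post or the sources it links). The response heads are constructed samples and the result labels are this example's own; Apache's `Header append` merges onto an existing header with a comma, so combining it with a header already set by the app can produce a two-value list.

```python
# Added example: audit the X-Frame-Options value(s) in a raw HTTP response head.
VALID = {"deny", "sameorigin"}

def xfo_values(raw_head):
    """Collect every X-Frame-Options value, splitting comma-joined lists."""
    values = []
    for line in raw_head.splitlines()[1:]:       # skip the status line
        if not line.strip():
            break                                 # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            values += [v.strip().lower() for v in value.split(",") if v.strip()]
    return values

def audit(raw_head):
    """Return one label: ok, missing, conflict, duplicate, obsolete or invalid."""
    values = xfo_values(raw_head)
    if not values:
        return "missing"
    if len(set(values)) > 1:
        return "conflict"                         # e.g. DENY from the app + SAMEORIGIN appended
    value = values[0]
    if value.startswith("allow-from"):
        return "obsolete"                         # ALLOW-FROM is not honoured by modern browsers
    if value not in VALID:
        return "invalid"
    return "duplicate" if len(values) > 1 else "ok"   # duplicate: set in two layers

# Constructed sample response heads (not captured traffic).
SAMPLES = {
    "web.config": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\n\r\n",
    "app plus append": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY, SAMEORIGIN\r\n\r\n",
    "two layers": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n"
                  "x-frame-options: SAMEORIGIN\r\n\r\n",
    "allow-from": "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://example.com\r\n\r\n",
    "none": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(f"{label:16} {xfo_values(head)!s:32} {audit(head)}")
```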
