Iframe not showing website in Asp .Net MVC5

Question

Hi I am developing website using asp .net mvc5 but when I am using IFrame it is not showing any results. After googling and reading some documents I have found that MVC5 stops Iframe by default. I have found some answers on stackoverflow and other blogs but nothing works for me. Please check where I am doing mistake:

Here is my Code:

 public ActionResult Index()
    {
        return View();
    }

My View:

<iframe width="482" height="500" scrolling="no" frameborder="0" id="paymentFrame" src="http://www.codingfusion.com"></iframe>

I have tried following solutions so far:

After update to MVC 5, iframe no longer works

https://www.iambacon.co.uk/blog/mvc5-prevents-your-website-being-loaded-in-an-iframe

http://joost.haneveer.nl/asp-net/display-mvc-5-web-site-in-an-iframe/

Here is my Global.asax file:

  protected void Application_Start()
    {
        AreaRegistration.RegisterAllAreas();
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        RouteConfig.RegisterRoutes(RouteTable.Routes);
        BundleConfig.RegisterBundles(BundleTable.Bundles);

        //  MVC5 generates the "X-Frame-Options SAMEORIGIN" header by default, the following line disables the default behaviour
        System.Web.Helpers.AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
    }

    protected void Application_BeginRequest()
    {
        Response.AddHeader("X-Frame-Options", "DENY");
    }

score 1 · Answer 1 · answered Apr 11 '17 at 11:51

1

just remove the following code:

protected void Application_BeginRequest()
    {
        Response.AddHeader("X-Frame-Options", "DENY");
    }

answered Apr 11 '17 at 11:51

Mzhda Saeed

213
2
4

frame will be block by many option like (application tier, network tier, firewall, or may be blocked by your ISP). you just work with your application tier – Mzhda Saeed Apr 13 '17 at 11:30

score 0 · Answer 2 · answered Apr 10 '17 at 13:32

0

You're explicitly adding an X-Frame-Options: DENY header. Change that to ALLOW-FROM http://foo.com, where "foo.com" is the URL of the site where you are framing the site that sets this header. Then, you should be fine. Or, you can just not add the header at all here, since you're already suppressing it otherwise.

answered Apr 10 '17 at 13:32

Chris Pratt

232,153
36
385
444

Thanks but it is not working, I have also tried removing Application_BeginRequest() – Tony S Apr 10 '17 at 13:45

score 0 · Accepted Answer · answered Apr 17 '17 at 12:39

So finally I have solved my issue, I had followed wrong path from the beginning, There was no issue in showing websites using Iframe and MVC5 (I do not know how I walked on this path my be googling and trying solutions randomly). The real issue was:

My Domain consists of SSL (https://) and i was trying to display non SSL (http://) website. This causes cross origin and my Iframe is not working properly (how ever I can view complete code of the website by viewing source code of my page)

Solution: Luckily the website which I was trying to show in my Iframe supports SSL (https://) So I have only added (https://) to my Iframe source.

Iframe not showing website in Asp .Net MVC5

3 Answers3