1

When iam trying to access one of the asp.net core application controller view from react application, In the browser console iam getting eror like

'Refused to display 'http://localhost:1212/Account/Login/?ReturnUrl=%Home%MyIFrame%3url%TestData' in a frame because it set 'X-Frame-Options' to 'sameorigin'.'

since i am decorated action method with [Authorize] attribute

In startup.cs file was included

Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory){
app.UseCors(
                options => options
                   .WithOrigins(
                     "http://localhost:3000",
                 )
                   .AllowAnyMethod()
                   .AllowAnyHeader()
                );
}
ArunPratap
  • 4,816
  • 7
  • 25
  • 43
Cust_1
  • 85
  • 1
  • 1
  • 6

1 Answers1

0

X-FRAME-OPTIONS is a web header that can be used to allow or deny a page to be iframed. This is very important when protecting against clickjacking attempts.

Thought it is not recommended , but if you want to change the make your application be iframed , you can try to add below config in Configure function of asp.net core application to set X-Frame-Options response header , for example:

app.Use(async (context, next) =>
{
    context.Response.Headers.Add("X-Frame-Options", "AllowAll");
    await next();
});
app.UseMvc();
Nan Yu
  • 26,101
  • 9
  • 68
  • 148
  • was tried the above approach but its loading the total application.. but I want to load a particular webpage(Asp.net core action view) in react js(another application) IFrame...since due to authorization iam not able to access the page.... so here i want to implement a bearer token concept in startup.cs file. I got stuck here how to implement that. Is there any good approach?? – Cust_1 Aug 23 '19 at 07:47
  • No , iframe is not recommend . And if you enable the jwt authecation in web application , you should provide jwt token as authorzation header (or query string )which is depends on your server side application , but it's not a good idea to put a secure application in an iframe because that expose you to security issue. – Nan Yu Aug 23 '19 at 10:13
  • Yeah I just want to test my application...How to enable the jwt authecation in asp.net core application??How to provide the jwt token as authorization?? – Cust_1 Aug 26 '19 at 06:35
  • @Gandhi , see code sample : https://stackoverflow.com/questions/13432821/is-it-possible-to-add-request-headers-to-an-iframe-src-request – Nan Yu Aug 26 '19 at 06:46