I am getting the following error (in EPiServer) in the console, when I am trying to browse https-pages on our website:
Refused to display 'https://[url]' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
Our website is running the latest version of Episerver and using https on only a subset of our pages, using the [RequireHttps] attribute.
I assume it's caused by EPiServer trying to load an HTTPS page while EPiServer itself is not running under HTTPS, but I am just guessing.
Does anyone know how to solve this error?
This seems to be caused by Episerver edit mode loading content in a frame, and the fact that the X-Frame-Options: SAMEORIGIN header is set by the MVC framework by default.
One solution could be to suppress the X-Frame-Options header for all pages, edit mode or not:
protected void Application_Start()
{
    AntiForgeryConfig.SuppressXFrameOptionsHeader = true; // AntiForgeryConfig is in System.Web.Helpers
}
Another solution could be to remove the X-Frame-Options header when pages are in edit mode, using a filter on those controllers loading content via HTTPS:
public class XframeFilter: ActionFilterAttribute
public override void OnResultExecuted(ResultExecutedContext filterContext)
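A complete filter along the lines of the second suggestion above, as an added example that is not part of the original answer or Episerver's own code. It assumes ASP.NET MVC 5 on the IIS integrated pipeline and a hypothetical appSettings key `EditUiOrigin`; the controller and page type names in the usage comment are placeholders.

```csharp
using System;
using System.Configuration;
using System.Web.Mvc;
using EPiServer.Editor;

// Added example: drops X-Frame-Options only for authenticated edit-mode
// requests, so ordinary page views keep the SAMEORIGIN header.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class XframeFilter : ActionFilterAttribute
{
    private const string XFrameOptions = "X-Frame-Options";

    public override void OnResultExecuted(ResultExecutedContext filterContext)
    {
        base.OnResultExecuted(filterContext);

        // Child actions share the parent's response; handle the header once.
        if (filterContext.IsChildAction) return;

        var http = filterContext.HttpContext;

        // Anonymous requests and normal (non-edit) views are left untouched.
        if (!http.Request.IsAuthenticated || !PageEditing.PageIsInEditMode) return;

        // Headers.Remove needs the integrated pipeline and a response whose
        // headers have not been sent yet (buffered output, the default).
        http.Response.Headers.Remove(XFrameOptions);

        // Assumption: "EditUiOrigin" (hypothetical key) holds the origin that
        // hosts edit mode, e.g. "http://www.example.com".
        var editUiOrigin = ConfigurationManager.AppSettings["EditUiOrigin"];
        if (!string.IsNullOrWhiteSpace(editUiOrigin))
        {
            // frame-ancestors limits framing to that one origin instead of
            // leaving the page frameable from anywhere. AppendHeader adds a
            // policy; browsers enforce it alongside any existing CSP header.
            http.Response.AppendHeader("Content-Security-Policy",
                "frame-ancestors " + editUiOrigin);
        }
    }
}

// Usage on a controller that serves HTTPS pages (placeholder names):
// [RequireHttps, XframeFilter]
// public class SecurePageController : PageController<SecurePage> { ... }
```

Unlike `SuppressXFrameOptionsHeader = true`, this leaves the header in place for every request that is not an authenticated edit-mode view.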