AI OnAI Off
Refused to display '[https-url]' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
This seems to be caused by episerver edit mode loading content in frame, and the fact that the x-frame-options : sameorigin header is set by the mvc framework pr default
one solution could be to supress the xframeoptions header for all pages, edit mode or not
global.asax :
protected void Application_Start()
{
AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
}
Another solution could be to remove the x-frameoptions header when pages are in editmode, using a filter on those controllers loading content via https
public class XframeFilter: ActionFilterAttribute
{
public override void OnResultExecuted(ResultExecutedContext filterContext)
{
if (PageEditing.PageIsInEditMode)
{
filterContext.HttpContext.Response.Headers.Remove("x-frame-options");
}
}
May 08, 2015 21:56
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
Hi!
I am getting the following error (in EPiServer) in the console, when I am trying to browse https-pages on our website:
Refused to display 'https://[url]' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
Our website is running the latest version of Episerver and using https on only a subset of our pages, using the [RequireHttps] attribute.
I assume its caused by EPiServer trying to load a https page while EPiserver itself is not running under https, but I am just guessing.
Does anyone know how to solve this error?
Best regards
Jesper