Display MVC 5 web site in an IFrame

October 28, 2013

Joost

1-Minute Read

ASP.Net MVC 5 automatically adds a HTTP header called X-Frame-Options with the value SAMEORIGIN to your web application. That header is intended to prevent click jacking and makes sure your site can’t be loaded in an IFrame. You can find more information about this header here.

Available response headers on a default ASP.Net website

But if you want to display your web application in an IFrame, the header is a pain the ass. The information about how to disable this header is not easy to find, the only solution I found is on a Japanese blog.

The solution is easy to implement; you can disable the header by placing the following code in your Global.asax.cs file.

protected void Application_Start()
{
  AreaRegistration.RegisterAllAreas();

  WebApiConfig.Register(GlobalConfiguration.Configuration);
  FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
  RouteConfig.RegisterRoutes(RouteTable.Routes);
  BundleConfig.RegisterBundles(BundleTable.Bundles);
  // Disable the HTTP Header X-Frame-Options: SAMEORIGIN
  AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
}

Joost's blog

Display MVC 5 web site in an IFrame

Recent Posts

Automatic staging environment creation in Azure Static Web Apps

Bye bye Wordpress, Hello Hugo

How to run SPCAF v5 analysis during TeamBuild in TFS 2013

Categories

About