问题
I updated my project MVC version to 5 and now iFrame does not load, I get this error:
Load denied by X-Frame-Options: www.blahblah.com does not permit cross-origin framing.
I noticed that for some reason now the X-Frame-Options header has SAMEORIGIN filled which does not allow the iframe to load a page from a different domain. This is a problem for me as I develop both the containing and inheriting page. I tried everything in IIS to change this header to no avail.
Anyone encountered this yet?
回答1:
I finally found the answer. Starting with MVC 5 Microsoft decided to set SAMEORIGIN in there by default. The best way I found to turn this tag off is by writing the following in the Global.asax.cs
protected void Application_Start()
{
//Bundles and stuff are here
AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
}
回答2:
Assuming your IFrame content is being served by your MVC app...
You might need to include a response header that permits cross origin requests:
Access-Control-Allow-Origin: *
来源:https://stackoverflow.com/questions/20253840/after-update-to-mvc-5-iframe-no-longer-works