问题
When iam trying to access one of the asp.net core application controller view from react application, In the browser console iam getting eror like
'Refused to display 'http://localhost:1212/Account/Login/?ReturnUrl=%Home%MyIFrame%3url%TestData' in a frame because it set 'X-Frame-Options' to 'sameorigin'.'
since i am decorated action method with [Authorize] attribute
In startup.cs file was included
Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory){
app.UseCors(
options => options
.WithOrigins(
"http://localhost:3000",
)
.AllowAnyMethod()
.AllowAnyHeader()
);
}
回答1:
X-FRAME-OPTIONS is a web header that can be used to allow or deny a page to be iframed. This is very important when protecting against clickjacking attempts.
Thought it is not recommended , but if you want to change the make your application be iframed , you can try to add below config in Configure function of asp.net core application to set X-Frame-Options response header , for example:
app.Use(async (context, next) =>
{
context.Response.Headers.Add("X-Frame-Options", "AllowAll");
await next();
});
app.UseMvc();
来源:https://stackoverflow.com/questions/57606991/how-to-access-a-one-of-the-asp-net-core-controller-action-view-into-an-iframe-us