How to remove X-Frame-Options from a response

Question

How to remove X-Frame-Options from a response

I have a problem with the X-Frame-Options HTTP header.

I use MVC 5, so the SAMEORIGIN option is automatically added to the headers for the Http responses.

I still want to use the default option, and I don't want to use the line below in Application_Start:

AntiForgeryConfig.SuppressXFrameOptionsHeader = true;

I would like to remove the X-Frame-Options header in some specific action at the controller level with this code:

 base.HttpContext.Response.Headers.Remove("X-Frame-Options");

However, this does not work.

Do you know how to remove it?

Any help would be appreciated.

+5

c # http-headers asp.net-mvc x-frame-options

adam.bielasty Sep 7 '15 at 10:35

source share

1 answer

adam.bielasty · Accepted Answer · 2015-09-07T14:53:19+0000

After examining the problem, I noticed that you can create an ActionFilter that overrides the OnResultExecuted method, where I can remove this http header:

 public class AllowIframeFromUriAttribute : ActionFilterAttribute { public override void OnResultExecuted(ResultExecutedContext filterContext) { //... filterContext.HttpContext.Response.Headers.Remove("X-Frame-Options"); base.OnResultExecuted(filterContext); } }

It works, so I want to share this solution.

How to remove X-Frame-Options from a response

More articles: