I have a problem with X-Frame-Options http header.
I use MVC 5, so SAMEORIGIN option is automatically added in Headers for Http Responses.
I still want to use default option and I don't want to use below line in Application_Start:
AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
I would like to remove X-Frame-Options header in some particular action on controller level with code like that:
base.HttpContext.Response.Headers.Remove("X-Frame-Options");
However, it doesn't work.
Do you know how can I remove it?
Any help will be appreciated.
After investigating the problem, I noticed that it is possible to create an ActionFilter which overrides OnResultExecuted method, where I can remove that http header:
public class AllowIframeFromUriAttribute : ActionFilterAttribute
{
public override void OnResultExecuted(ResultExecutedContext filterContext)
{
//...
filterContext.HttpContext.Response.Headers.Remove("X-Frame-Options");
base.OnResultExecuted(filterContext);
}
}
It works so I'd like to share the solution.