Try our conversational search powered by Generative AI!
AI OnAI Off
This seems to be caused by episerver edit mode loading content in frame, and the fact that the x-frame-options : sameorigin header is set by the mvc framework pr default
one solution could be to supress the xframeoptions header for all pages, edit mode or not
global.asax :
protected void Application_Start() { AntiForgeryConfig.SuppressXFrameOptionsHeader = true; }
Another solution could be to remove the x-frameoptions header when pages are in editmode, using a filter on those controllers loading content via https
public class XframeFilter: ActionFilterAttribute { public override void OnResultExecuted(ResultExecutedContext filterContext) { if (PageEditing.PageIsInEditMode) { filterContext.HttpContext.Response.Headers.Remove("x-frame-options"); } }
Hi!
I am getting the following error (in EPiServer) in the console, when I am trying to browse https-pages on our website:
Refused to display 'https://[url]' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
Our website is running the latest version of Episerver and using https on only a subset of our pages, using the [RequireHttps] attribute.
I assume its caused by EPiServer trying to load a https page while EPiserver itself is not running under https, but I am just guessing.
Does anyone know how to solve this error?
Best regards
Jesper