Kentico 13 x-frame-options

Matthew Butler asked on May 15, 2024 10:37

What is the recommended approach for applying x-frame-options in kentico 13.

I added the header manually, but as suggested it prevents it showing in the admin site.

Correct Answer

Brenden Kehren answered on May 15, 2024 16:19

We use the following in the Startup.cs Configure() method. It works with an Azure Web App too assuming you're not using the * domain.

app.Use(async (context, next) =>
    context.Response.Headers.Add("Content-Security-Policy", "frame-ancestors 'self' https://localhost:5000 https://*");
    context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
    await next();
0 votesVote for this answer Unmark Correct answer

   Please, sign in to be able to submit a new answer.