Kentico 13 x-frame-options

Matthew Butler asked on May 15, 2024 10:37

What is the recommended approach for applying X-Frame-Options in Kentico 13?

I added the header manually, but as suggested it prevents it showing in the admin site.

Correct Answer

Brenden Kehren answered on May 15, 2024 16:19

We use the following in the Startup.cs Configure() method. It works with an Azure Web App too assuming you're not using the *.azurewebsites.net domain.

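app.Use(async (context, next) =>
{
    // frame-ancestors lists the origins allowed to embed this site in a frame.
    // The indexer overwrites an existing value; Headers.Add throws if the key is already present.
    context.Response.Headers["Content-Security-Policy"] = "frame-ancestors 'self' https://localhost:5000 https://*.yourdomain.com";
    // Fallback for browsers that do not support frame-ancestors.
    context.Response.Headers["X-Frame-Options"] = "SAMEORIGIN";
    await next();
});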
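An added example, not code from the answer above or from Kentico: the same two headers wrapped in a reusable middleware that validates each allowed origin before it reaches the header value. The class and method names are hypothetical, and the sketch assumes no other middleware sets its own Content-Security-Policy header, since it overwrites that header.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Builder;

public static class FrameAncestorsExtensions
{
    // Hypothetical helper. Usage in Startup.Configure(), before the endpoints:
    //   app.UseFrameAncestors("https://localhost:5000", "https://*.yourdomain.com");
    public static IApplicationBuilder UseFrameAncestors(
        this IApplicationBuilder app, params string[] allowedOrigins)
    {
        foreach (var origin in allowedOrigins)
        {
            // Swap a leading "*." label for a parseable one, then require a bare
            // https origin: no path, query, whitespace or ';' that could smuggle
            // extra directives into the header value.
            var probe = origin.Replace("://*.", "://wildcard.");
            if (!Uri.TryCreate(probe, UriKind.Absolute, out var uri)
                || uri.Scheme != Uri.UriSchemeHttps
                || uri.UserInfo.Length != 0
                || !string.Equals(uri.GetLeftPart(UriPartial.Authority), probe,
                                  StringComparison.OrdinalIgnoreCase))
            {
                throw new ArgumentException(
                    $"Not a bare https origin: '{origin}'", nameof(allowedOrigins));
            }
        }

        // "https://*.yourdomain.com" covers subdomains only; list the apex
        // "https://yourdomain.com" separately if it must frame the site too.
        var policy = "frame-ancestors " +
            string.Join(" ", new[] { "'self'" }.Concat(allowedOrigins));

        return app.Use(async (context, next) =>
        {
            // The indexer overwrites an existing value; Headers.Add throws on a duplicate key.
            context.Response.Headers["Content-Security-Policy"] = policy;
            // Browsers that support frame-ancestors ignore X-Frame-Options when both
            // are present; SAMEORIGIN is the fallback for those that do not.
            context.Response.Headers["X-Frame-Options"] = "SAMEORIGIN";
            await next();
        });
    }
}
```

Because the origin list is validated at startup, a malformed entry fails the application on boot instead of silently producing a header that browsers reject or misread.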