在我的基于aspnetboilerplate的网站中,如何从asp.net核心响应中删除X-Frame-Options: SAMEORIGIN
标头。
我尝试了什么1.
string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
services.AddCors(options =>
{
options.AddPolicy(MyAllowSpecificOrigins,
builder =>
{
builder.WithOrigins("http://www.example.org/",
"https://www.example.org/");
});
});
app.UseCors(MyAllowSpecificOrigins);
也尝试在启动时添加此内容
services.AddAntiforgery(x => x.SuppressXFrameOptionsHeader = true);
添加到web.config <remove name="X-Frame-Options"/>
按如下所示初始化abp框架:
app.UseAbp(options =>
{
options.UseSecurityHeaders = false;
}); // Initializes ABP framework.