adam.bielasty adam.bielasty - 6 months ago 49
C# Question

How to remove X-Frame-Options from the response

I have a problem with X-Frame-Options http header.

I use MVC 5, so SAMEORIGIN option is automatically added in Headers for Http Responses.

I still want to use default option and I don't want to use below line in Application_Start:

AntiForgeryConfig.SuppressXFrameOptionsHeader = true;

I would like to remove X-Frame-Options header in some particular action on controller level with code like that:


However, it doesn't work.

Do you know how can I remove it?

Any help will be appreciated.


After investigating the problem, I noticed that it is possible to create an ActionFilter which overrides OnResultExecuted method, where I can remove that http header:

public class AllowIframeFromUriAttribute : ActionFilterAttribute
    public override void OnResultExecuted(ResultExecutedContext filterContext)

It works so I'd like to share the solution.