Tag: asp.net mvc headers iis
-
Html.AntiForgeryToken() sets an X-Frame-Options header with the value 'SAMEORIGIN'
I recently migrated a project from ASP.NET MVC 4 to MVC 5 and the process went quite smoothly, except that all of a sudden my webpages were being returned with the X-Frame-Options header set with the value ‘SAMEORIGIN‘. This is actually a reasonable default as it helps mitigate the risk of ClickJacking. The website in…