0

Hi I am developing website using asp .net mvc5 but when I am using IFrame it is not showing any results. After googling and reading some documents I have found that MVC5 stops Iframe by default. I have found some answers on stackoverflow and other blogs but nothing works for me. Please check where I am doing mistake:

Here is my Code:

 public ActionResult Index()
 {
 return View();
 }

My View:

<iframe width="482" height="500" scrolling="no" frameborder="0" id="paymentFrame" src="http://www.codingfusion.com"></iframe>

I have tried following solutions so far:

After update to MVC 5, iframe no longer works

https://www.iambacon.co.uk/blog/mvc5-prevents-your-website-being-loaded-in-an-iframe

http://joost.haneveer.nl/asp-net/display-mvc-5-web-site-in-an-iframe/

Here is my Global.asax file:

 protected void Application_Start()
 {
 AreaRegistration.RegisterAllAreas();
 FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
 RouteConfig.RegisterRoutes(RouteTable.Routes);
 BundleConfig.RegisterBundles(BundleTable.Bundles);
 // MVC5 generates the "X-Frame-Options SAMEORIGIN" header by default, the following line disables the default behaviour
 System.Web.Helpers.AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
 }
 protected void Application_BeginRequest()
 {
 Response.AddHeader("X-Frame-Options", "DENY");
 }
asked Apr 10, 2017 at 12:44

3 Answers 3

1

just remove the following code:

protected void Application_BeginRequest()
 {
 Response.AddHeader("X-Frame-Options", "DENY");
 }
answered Apr 11, 2017 at 11:51
Sign up to request clarification or add additional context in comments.

1 Comment

frame will be block by many option like (application tier, network tier, firewall, or may be blocked by your ISP). you just work with your application tier
0

You're explicitly adding an X-Frame-Options: DENY header. Change that to ALLOW-FROM http://foo.com, where "foo.com" is the URL of the site where you are framing the site that sets this header. Then, you should be fine. Or, you can just not add the header at all here, since you're already suppressing it otherwise.

answered Apr 10, 2017 at 13:32

1 Comment

Thanks but it is not working, I have also tried removing Application_BeginRequest()
0

So finally I have solved my issue, I had followed wrong path from the beginning, There was no issue in showing websites using Iframe and MVC5 (I do not know how I walked on this path my be googling and trying solutions randomly). The real issue was:

My Domain consists of SSL (https://) and i was trying to display non SSL (http://) website. This causes cross origin and my Iframe is not working properly (how ever I can view complete code of the website by viewing source code of my page)

Solution: Luckily the website which I was trying to show in my Iframe supports SSL (https://) So I have only added (https://) to my Iframe source.

answered Apr 17, 2017 at 12:39

Comments

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.