Description
Describe the bug
. NET9.0 Blazor Web App cannot allow cross domain websites to display nested iframe tags.
Exceptions (if any)
- Adding code to. NET 8.0 is effective, but NET9.0 is invalid:
builder.Services.AddAntiforgery(options =>
{
options.SuppressXFrameOptionsHeader = true;
});
Further technical details
-
Browser page prompt: Localhost has refused the connection.
-
Browser console error message: Refused to frame 'https://localhost:33500/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
-
Browser response header: content-security-policy: frame-ancestors 'self'
-
Trying to add the following code did not solve the problem,The reason is that regardless of the operation, there is always a policy in the browser response header:content-security-policy: frame-ancestors 'self':
app.Use(async (context, next) =>
{
// https://localhost:5000 As the parent page domain name
context.Response.Headers.Append("Content-Security-Policy", "frame-ancestors https://localhost:5000");
// or
// context.Response.Headers.Append("Content-Security-Policy", "frame-ancestors *");
// or
// context.Response.Headers.Remove("Content-Security-Policy");await next();
});