[BUG] . NET9.0 Blazor Web App cannot allow cross domain websites to display nested iframe tags #59532
Comments
dotnet-issue-labeler
bot
added
the
area-networking
martincostello
added
area-blazor
|
@jackrao168 thanks for contacting us. Blazor enables compression of the websocket connection by default in 9.0 and limits framing of the app. You can configure this in the call to |
javiercn
added
question
✔️ Resolution: Answered
|
This issue has been resolved and has not had any activity for 1 day. It will be closed for housekeeping purposes. See our Issue Management Policies for more information. |
Thank you very much, The problem has been resolved. |
Describe the bug
. NET9.0 Blazor Web App cannot allow cross domain websites to display nested iframe tags.
Exceptions (if any)
builder.Services.AddAntiforgery(options =>
{
options.SuppressXFrameOptionsHeader = true;
});
Further technical details
Browser page prompt: Localhost has refused the connection.
Browser console error message: Refused to frame 'https://localhost:33500/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
Browser response header: content-security-policy: frame-ancestors 'self'
Trying to add the following code did not solve the problem,The reason is that regardless of the operation, there is always a policy in the browser response header:content-security-policy: frame-ancestors 'self':
app.Use(async (context, next) =>
{
// https://localhost:5000 As the parent page domain name
context.Response.Headers.Append("Content-Security-Policy", "frame-ancestors https://localhost:5000");
// or
// context.Response.Headers.Append("Content-Security-Policy", "frame-ancestors *");
// or
// context.Response.Headers.Remove("Content-Security-Policy");
await next();
});
The text was updated successfully, but these errors were encountered: