There's a second, location-specific customHeader definition for the /umbraco Backoffice. I don't recall if this is Umbraco stock web.config but the following is a somewhat relevant snippit from a training course, I'd recommend to confirm this config section as well:
Right, 'somewhat-relevant' - I was simply pointing out that there is an additional location specific to the backoffice for you to check the customHeaders to ensure your x-frame-options etc. Sorry for the false hope of an easy resolution! Have you been able to get this worked out?
Preview Not working showing X-Frame-Options to deny.
Getting issues while loading preview from the server. as show
As I have tried most of the recommended options to resolve it. like: setting from IIS and so on.
And when I try to preview on the web server it works! (show preview) on the server with https://domain name.
And it's showing a WebSocket connection error too. so not sure we have to follow any particular configuration for it?
Thanks BJ
Hi BJ.
There's a second, location-specific
customHeaderdefinition for the /umbraco Backoffice. I don't recall if this is Umbraco stock web.config but the following is a somewhat relevant snippit from a training course, I'd recommend to confirm this config section as well:<location path="umbraco"> <system.webServer> <urlCompression doStaticCompression="false" doDynamicCompression="false" dynamicCompressionBeforeCache="false" /> <httpProtocol> <customHeaders> <remove name="Content-Security-Policy" /> <add name="Content-Security-Policy" value="default-src 'self' www.gravatar.com player.vimeo.com *.vimeocdn.com our.umbraco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: our.umbraco.com our.umbraco.org *.gravatar.com umbraco.tv *.googleapis.com ; font-src 'self' data:;" /> </customHeaders> </httpProtocol> </system.webServer> </location>Hope this helps! Update with some more details if not, I've definitely resolved this one before and am glad to share. :v:
Hi Damian,
Thank you. for sharing the code.
But It did not resolve the issue, As still getting the same error message.
Right, 'somewhat-relevant' - I was simply pointing out that there is an additional location specific to the backoffice for you to check the customHeaders to ensure your x-frame-options etc. Sorry for the false hope of an easy resolution! Have you been able to get this worked out?
is working on a reply...