Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • BJ Patel 84 posts 210 karma points
    Jun 20, 2022 @ 15:05
    BJ Patel
    0

    Preview Not working showing X-Frame-Options to deny.

    Getting issues while loading preview from the server. as show

    frame because it set 'X-Frame-Options' to 'deny'.

    As I have tried most of the recommended options to resolve it. like: setting from IIS and so on.

     <customHeaders>
          <add name="X-Frame-Options" value="SAMEORIGIN" />
        </customHeaders>
    

    enter image description here enter image description here

    And when I try to preview on the web server it works! (show preview) on the server with https://domain name.

    And it's showing a WebSocket connection error too. so not sure we have to follow any particular configuration for it?

    Thanks BJ

  • Damian 74 posts 397 karma points
    Jun 22, 2022 @ 16:33
    Damian
    0

    Hi BJ.

    There's a second, location-specific customHeader definition for the /umbraco Backoffice. I don't recall if this is Umbraco stock web.config but the following is a somewhat relevant snippit from a training course, I'd recommend to confirm this config section as well:

    <location path="umbraco"> <system.webServer> <urlCompression doStaticCompression="false" doDynamicCompression="false" dynamicCompressionBeforeCache="false" /> <httpProtocol> <customHeaders> <remove name="Content-Security-Policy" /> <add name="Content-Security-Policy" value="default-src 'self' www.gravatar.com player.vimeo.com *.vimeocdn.com our.umbraco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: our.umbraco.com our.umbraco.org *.gravatar.com umbraco.tv *.googleapis.com ; font-src 'self' data:;" /> </customHeaders> </httpProtocol> </system.webServer> </location>

    Hope this helps! Update with some more details if not, I've definitely resolved this one before and am glad to share. :v:

  • BJ Patel 84 posts 210 karma points
    Jun 23, 2022 @ 07:05
    BJ Patel
    0

    Hi Damian,

    Thank you. for sharing the code.

    But It did not resolve the issue, As still getting the same error message.

  • Damian 74 posts 397 karma points
    Jun 30, 2022 @ 15:14
    Damian
    0

    Right, 'somewhat-relevant' - I was simply pointing out that there is an additional location specific to the backoffice for you to check the customHeaders to ensure your x-frame-options etc. Sorry for the false hope of an easy resolution! Have you been able to get this worked out?

Please Sign in or register to post replies

Write your reply to:

Draft