Press Ctrl / CMD + C to copy this to your clipboard.
This post will be reported to the moderators as potential spam to be looked at
Hi everyone! Hopefully someone can help me!
I wanted to ask for help to solve a problem I have when running a security scanner on my website.
I get the following error:
X-Frame-Options -> There was a duplicate X-Frame-Options header.
I have correctly configured my Web.Config file, however, the error keeps popping up.
do you have any idea why this is happening?
Hi Hans,
Does this page have a Umbraco Form or a Form on it use a anti forgery token ?
Dave
Hi Dave, thanks for the reply!
Yes, the website have a simple form with reCAPTCA. Will this cause any conflict?
Yes Dave, in one page used @Html.AntiForgeryToken().
Using @Html.AntiForgeryToken will add a X-Frame-Options header to your response.
What version of Umbraco are you using ?
Hi Dave! You are right.
I have added this line in my code (Startup.cs), so that the @html.antiforgerytoken() does not add any new X-Frame-Options.
Thanks Dave, for helping me!
Also check in your startup.cs file to see if you have this code
app.UseXfo(options => options.SameOrigin());
with .netcore you don't need to set it in the web.config necesarilary.
Hi Huw Reddick, thanks for the reply!
In my startup.cs file, I don't have this line of code.
Do you think I need this line in my code?
I believe the prefered method in .net core it to do it in program/startup rather than in web.config
Doing it in Umbraco https://docs.umbraco.com/umbraco-cms/extending/health-check/guides/clickjackingprotection
is working on a reply...
This forum is in read-only mode while we transition to the new forum.
You can continue this topic on the new forum by tapping the "Continue discussion" link below.
Continue discussion
warning message on security scan - x-frame-options is duplicated
Hi everyone! Hopefully someone can help me!
I wanted to ask for help to solve a problem I have when running a security scanner on my website.
I get the following error:
X-Frame-Options -> There was a duplicate X-Frame-Options header.
I have correctly configured my Web.Config file, however, the error keeps popping up.
do you have any idea why this is happening?
Hi Hans,
Does this page have a Umbraco Form or a Form on it use a anti forgery token ?
Dave
Hi Dave, thanks for the reply!
Yes, the website have a simple form with reCAPTCA. Will this cause any conflict?
Yes Dave, in one page used @Html.AntiForgeryToken().
Hi Hans,
Using @Html.AntiForgeryToken will add a X-Frame-Options header to your response.
What version of Umbraco are you using ?
Dave
Hi Dave! You are right.
I have added this line in my code (Startup.cs), so that the @html.antiforgerytoken() does not add any new X-Frame-Options.
Thanks Dave, for helping me!
Also check in your startup.cs file to see if you have this code
with .netcore you don't need to set it in the web.config necesarilary.
Hi Huw Reddick, thanks for the reply!
In my startup.cs file, I don't have this line of code.
Do you think I need this line in my code?
I believe the prefered method in .net core it to do it in program/startup rather than in web.config
Doing it in Umbraco https://docs.umbraco.com/umbraco-cms/extending/health-check/guides/clickjackingprotection
is working on a reply...
This forum is in read-only mode while we transition to the new forum.
You can continue this topic on the new forum by tapping the "Continue discussion" link below.