I'm also having this problem, after following Umbraco advice over X-Frame-Options, from their online security course
They said to allow SAMEORIGIN for Umbraco location, to enable some of the functionality, but it appears to have broken the preview
... my workaround is to put the whole site X-Frame-Options to SAMEORIGIN, not as secure as DENY, but will still protect against clickjacking from another domain :)
Preview node denied X-Frame-Options
Hi,
I'm not able to preview any node in Umbraco because the X-Frame-Options is set to "deny". Now this is true for the frontend, but within the:
I'm setting the X-Frame-Options to "SAMEORIGIN". Any ideas why the X-Frame-Options setting in Umbraco isn't working?
/David
Have you removed the header first? My tag looks like the following:
Hi Alex,
Yes, I do remove the header first. My header looks exactly like yours. :/
/ David
Hi David/Alex,
Did you fix this issue, I too have the same problem, and I updated the config files too.
thanks.
I'm also having this problem, after following Umbraco advice over X-Frame-Options, from their online security course
They said to allow SAMEORIGIN for Umbraco location, to enable some of the functionality, but it appears to have broken the preview
... my workaround is to put the whole site X-Frame-Options to SAMEORIGIN, not as secure as DENY, but will still protect against clickjacking from another domain :)
is working on a reply...