X-Frame-Options ALLOW-FROM has no effect

Cause: newer versions of Google Chrome do not support ALLOW-FROM.

Fix: use a different response header, Content-Security-Policy, and configure its frame-ancestors directive.

.NET Core code (Startup.cs)

(1) Old

app.Use(async (context, next) =>
{
    context.Response.Headers.Add("X-Frame-Options", "ALLOW-FROM http://localhost:8080 http://localhost:8088");
    await next();
});

(2) New

app.Use(async (context, next) =>
{
    // localhost:* matches any port on localhost, so it already covers localhost:8080
    context.Response.Headers.Add("Content-Security-Policy", "frame-ancestors localhost:8080 localhost:*;");
    await next();
});
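
An added example, not code from the original post: an extension method that builds the frame-ancestors value from an explicit list of origins, here the two origins from the old ALLOW-FROM header, instead of the broader localhost:* source. The names FrameAncestorsExtensions, BuildFrameAncestors and UseFrameAncestors are hypothetical, and the helper assumes only bare http(s) origins without wildcards are allowed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Builder;

// Hypothetical helper names; not part of ASP.NET Core.
public static class FrameAncestorsExtensions
{
    // Turns explicit origins into a frame-ancestors directive.
    public static string BuildFrameAncestors(IEnumerable<string> origins)
    {
        var sources = new List<string>();
        foreach (var origin in origins)
        {
            if (!Uri.TryCreate(origin, UriKind.Absolute, out var uri)
                || (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps)
                || origin.Contains("*")        // no wildcard host or port
                || uri.UserInfo.Length > 0     // no user:password@ part
                || uri.AbsolutePath != "/"     // origin only, no path
                || uri.Query.Length > 0
                || uri.Fragment.Length > 0)
            {
                throw new ArgumentException("Not a bare http(s) origin: " + origin);
            }

            // Keep scheme://host[:port] as the CSP source expression.
            sources.Add(uri.GetLeftPart(UriPartial.Authority));
        }

        // An empty allowlist means no site may frame the response.
        return "frame-ancestors "
            + (sources.Count == 0 ? "'none'" : string.Join(" ", sources.Distinct()));
    }

    public static IApplicationBuilder UseFrameAncestors(
        this IApplicationBuilder app, params string[] origins)
    {
        string policy = BuildFrameAncestors(origins); // validated once at startup
        return app.Use(async (context, next) =>
        {
            // The indexer overwrites; Headers.Add throws if the header is already set.
            context.Response.Headers["Content-Security-Policy"] = policy;
            await next();
        });
    }
}

// In Startup.Configure (origins taken from the old ALLOW-FROM header above):
// app.UseFrameAncestors("http://localhost:8080", "http://localhost:8088");
```

Because the indexer overwrites the header, a Content-Security-Policy set by earlier middleware would be replaced; an application that sets other directives should merge frame-ancestors into that policy instead.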


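Copyright notice: this is an original article by u013595395, licensed under CC 4.0 BY-SA. When reposting, include a link to the original source and this notice.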