Created
April 1, 2025 12:56
-
-
Save ADefWebserver/74a8d483b3af21359d85e943d2d023a0 to your computer and use it in GitHub Desktop.
Allow a Blazor App app to be iframed in another app
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Configure the HTTP request pipeline | |
| // To allow this Blazor App app to be iframed in another app | |
| app.Use(async (context, next) => | |
| { | |
| // How to display the app in an iframe | |
| context.Response.OnStarting(() => | |
| { | |
| // Remove X-Frame-Options header | |
| context.Response.Headers.Remove("X-Frame-Options"); | |
| // Remove Content-Security-Policy header | |
| context.Response.Headers.Remove("Content-Security-Policy"); | |
| // Add custom CSP to allow iframing from anywhere | |
| context.Response.Headers.Append("Content-Security-Policy", | |
| "default-src 'self'; " + | |
| "script-src 'self'; " + | |
| "style-src 'self' 'unsafe-inline'; " + | |
| "img-src 'self' data:; " + | |
| "font-src 'self'; " + | |
| "frame-ancestors *;"); | |
| return Task.CompletedTask; | |
| }); | |
| await next(); | |
| }); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment