Thursday 22 June 2023

Removing X-Frame-Options in ASP.NET MVC Core 7

I had an ASP.NET Core 7 App that used forms.

And I actually WANTED it to be used within an iFrame.

As soon as you add a form to a Web App, the server immediately starts returning X-Frame-Options: SameOrigin in all requests.

I tried a variety of means to remove this, including:

app.UseStaticFiles();

            app.Use(async (context, next) =>
            {
                context.Response.Headers.Remove("X-Frame-Options");
                context.Response.Headers.Add("Bob", "Hello");
                await next.Invoke();
            });


            app.UseRouting();

The Bob header was being added, but X-Frame-Options stubbonly remained.
In the end I found the solution was to use:

// Remove X-Frame-Options, allowing Framing
            builder.Services.AddAntiforgery(options =>
            {
                options.SuppressXFrameOptionsHeader = true;
            });


Saturday 17 June 2023

Transferring domains to Google

I decided to leave 123-reg after they chose to upgrade their email services and removed catch-all email forwarding. I found a slight issue when transferring Nominet (.uk) domains to Google. The transfer process requires Google to send a handshake email to the registrant's email address, requesting them to approve the transfer. However, if you don't have a gmail address registered, you don't seem to get an email. So it is important to set the registrant's contact email to a Gmail address first, before setting the IPS tag.