Last post Nov 28, 2019 09:37 AM by Khuram.Shahzad
Nov 28, 2019 07:29 AM|Moveslikejagger|LINK
We have a website ASP.NET with a Secure login until recently it used to work from another website which used an iframe to access our website and the session used to hold.
Now, this has stopped working! We are wondering whats going on!
Nov 28, 2019 08:02 AM|PatriceSc|LINK
iframe is quite sensitive from a security point of view. Any message on F12 Console ? See https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe and in particular security
ALL happens inside an iframe until the user is moving to another page ? You have this with all browsers ?
Nov 28, 2019 09:04 AM|Moveslikejagger|LINK
It was working fine until a Recent Server update, We are this on a server 2012, Last 3 years this worked fine, all of a sudden it stopped working and now from the iframe the session no longer passes.
Just wondering if anyone else has faced this and any possible solution?
Yes its on all browsers now!
Nov 28, 2019 09:23 AM|Khuram.Shahzad|LINK
to files, it depends on browser and environment.
In your golbal.asax.cs set X-Frame-Options to AllowAll:
protected void Application_PreSendRequestHeaders()
Nov 28, 2019 09:28 AM|PatriceSc|LINK
Not seen that. Which update ? Anything special in the release notes ?
I would still use F12 Console if not done already. AFAIK most if not all browsers should show a message when blocking something because of a security issue (even because of a server sent header for example).
Nov 28, 2019 09:37 AM|Khuram.Shahzad|LINK
What i meant was, three year back some thing was running, now its not, the answer subject to this is the browser update their security, web standard get updated, restriction like CORS is not allowing to open some one site in iframe unless you specify and