Friday, 20 March 2015

Error: Load Denied by X-Frame-Options while opening Sitecore Content Editor

Leave a Comment
Recently I’ve faced strange issue while working with one Sitecore.NET 7.0.(rev. 130810) solution.  I was unable to open Sitecore content editor. I’ve checked console window to verify if there are any errors. I was getting error: “Error: Load Denied by X-Frame-Options

I’ve troubleshoot the error and found below piece of code in global.asax.cs file:
protected void Application_PreSendRequestHeaders()
        {
            Response.Headers.Remove("Server");
            Response.Headers.Remove("X-AspNet-Version");
            Response.Headers.Remove("X-AspNetMvc-Version");
            Response.AddHeader("X-Frame-Options", "DENY");
        }
Above code logic was added to enhance the security of web application. X-Frame-Options is a good additional layer of protection to prevent clickjacking on your site.  Response.AddHeader("X-Frame-Options", "DENY") was causing the actual issue. DENY option means that  the page can never be framed by any page, including a page with the same origin hence content editor was not opening. I’ve changed Response.AddHeader("X-Frame-Options", "DENY") to Response.AddHeader("X-Frame-Options", "SAMEORIGIN") and I was no longer getting any error while opening content editor. SAMEORIGIN option means that the page can be framed, but only by another page with the same origin.

Comments and suggestions are most welcome. Happy coding!

0 comments :

Post a comment