可悲的是,我需要在nonasp.net网站上使用IFrame。服务器将托管两个应用程序。
Iframe会加载内容,但是当我点击此按钮链接时会出现错误:
in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
在Razor中我使用的是Url.Action,我读到了使用
&output=embed
所以我试图这样做:
<button class="btn btn-success" onclick="location.href='@Url.Action("AddComment", "Home", new { id = item.id })&output=embed';return false;">Add Comment</button>
然后我得到
的错误A potentially dangerous Request.Path value was detected from the client (&).
然后我尝试将其添加到web.config
<system.web>
<httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
<pages validateRequest="false" />
</system.web>
然后我收到了这个错误...
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
更新
我发现即使没有Iframe,网址最终也是:
http://localhost:17308/Home/AddComment/4&output=embed
1. would that URL even work?
2. for MVC 5, is that snippet of code in the web.config system.web right?
答案 0 :(得分:10)
哦,不要那么做....
进入你的
Global.asax.cs
将此代码添加到您的 - &gt; protected void Application_Start()
AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
(要添加的命名空间是 - &gt; System.Web.Helpers)