Posted By Tom Melkonian on 07 Nov 2019 12:21 PM Do you have any other idea where the X-Frame-Options="SAMEORIGIN" is being set? Thanks Tom
Tom,
either in the web.config or maybe in the machine.config.
Check your web.config for the following line in the configuration >> system.webServer >> httpProtocol >> customHeaders section (think of angle brackets instead of square brackets):
[add name="X-Frame-Options" value="SAMEORIGIN" /]
and remove that line.
If that does not help or if you don't find that line, add this line (in the same section as above):
[remove name="X-Frame-Options" /]
Happy DNNing! Michael
Posted By Tom Melkonian on 08 Nov 2019 01:10 PM Refused to display 'http://healthtest.co.santa-cruz.ca.us/' in a frame because it set multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, ALLOW-FROM http://testportal.co.santa-cruz.ca.us'). Falling back to 'deny'.
This suggests it's being added after the 'http://healthtest.co.santa-cruz.ca.us/' website has finished doing its thing. I'd agree with Michael's suggestion — a WAF or some other network security software would be a good place to look.
These Forums are dedicated to the discussion of DNN Platform.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.