Bypass The X-Frame-Options: SAMEORIGIN HTTP Header?
May 6, 2010
I am developing a web page that needs to display, in an iframe, a report served by another company's SharePoint server. They are fine with this. The page we're trying to render in the iframe is giving us X-Frame-Options: SAMEORIGIN which causes the browser (at least IE8) to refuse to render the content in a frame. First, is this something they can control or is it something SharePoint just does by default? If I ask them to turn this off, could they even do it? Second, can I do something to tell the browser to ignore this http header and just render the frame?
View 1 Replies
Similar Messages:
Aug 11, 2010
Scenario: I have a bunch of web applications for which I want to add a simple ping functionality via http handler. Example: [URL]
Problem: For some of the applications this approach does not work becasue of custom HttpModule. These modules have some depedency on either authentication or some other processing logic due to which it makes the request invalid.
I am trying to find a solution to get this ping functionality work without making any changes to existing HttpModules.
View 2 Replies
Oct 30, 2010
I call a webservices from my javascript and im getting response as error.
Server did not recognize the value of HTTP Header SOAPAction:
View 1 Replies
Jun 15, 2010
We are implementing a single sign on mechanism in an enterprise environment, where the token is shared between applications using HTTP header. Now, in order to do the integration test, I need to write an application to simulate this. Is there any way in ASP.NET where I can redirect to another web-page and pass a custom HTTP header in the process?
View 3 Replies
May 14, 2010
I have an asp.net appliction on the one server. There I've added code on server-side in Page_Load:
Response.AddHeader("key", "password-key-from-hotel");
On the client side I have a form:
<form ... action="www.link-to-another-domaint" >
<input type="hidden" id="asd" value="fgh" >
....
</form>
<script type="text/javascript">
document.forms[0].submit();
</script>
Then on the other domain - there is also my other application - I'm trying to get the hedaer "key" by this code:
Request.Headers["key"].ToString();
But there is no such header. Is there is a desicion? Where is my mistake?
View 2 Replies
Apr 1, 2010
Is it at all possible to use IIS7's rewrite capability in web.config to strip a particular HTTP header from a client request?We have an application that makes an HTTP POST to our website, and apparently the request contains the HTTP Expect header. Previously this was not a problem, but we've switched hosts and now the site is returning HTTP error 417 Expectation failed. So the real solution is to fix the software so it doesn't send the Expect header, but that can't happen soon enough for the folks in charge, who'd like to come up with an immediate web-based fix.I've used ISAPI_Rewrite before and I've read that it can strip a header, and the new host claimed they had ISAPI installed... but that seems to have been a lie, as I cannot get it to work, and support's only response on the subject is "use IIS7 Rewrite instead."
View 2 Replies
Aug 4, 2010
I have one ajax call web service, and want to add some http headers using javascript, can we do that use setrequestheader in ms ajax?This is my javascript
[Code]....
[Code]....
View 3 Replies
Mar 12, 2010
I have this situation where I have three pages:
The first page, default.htm, is a frameset page that uses the other two pages.
The second page, casemenu.aspx, is a form that contains an object we call "PopupManager": It has an element <xxx:PopupManager runat="server"/>. This object is dependent on the standard ScriptManager, which requires a form.
The third page, header.aspx, contains three links. Each link calls a JScript function that in turn calls a function on the Popup Manager. It makes the call to the popup manager with an expression like 'top.frames.casemenu._PopupManager'.
Now, the problem I have is that I have to change default.htm to be a normal page containing an iframe, which will refer to a new page, container.aspx, which has the original frameset. When I do that, I can no longer access the PopupManager the same way ('top.frames.casemenu._PopupManager' no longer works.)
I would like some way to refer to the PopupManager relative to header.aspx, something like "self.parent.frames.casemenu._PopupManager", but that doesn't work.
View 1 Replies
May 19, 2010
I am getting the following warnings on the Event Log for a Asp.Net WebSite running on IIS 7.
Exception information:
Exception type: HttpException
Exception message: Server cannot append header after HTTP headers have been sent.
at System.Web.Hosting.ISAPIWorkerRequest.SendUnknownResponseHeader(String name, String value)
[code]....
I tried to debug the WebSite but it just does not show in debugger. The web page which has got this issue contains the following.
Its a content page with a Master page.
It has a grid inside an UpdatePanel which is Triggered by a Timer.
On the specified time grid data is refreshed.
Everytime this happens we see a new warning in the EventLog.
View 1 Replies
Oct 6, 2010
I've tried to write my own HttpModule (IHttpModule) that adds a Header like that:
public class MyModule: IHttpModule
{
public void Init(HttpApplication c)
{
c.BeginRequest += delegate{c.Response.AddHeader("MyHeader", "MyValue");};
}
public void Dispose(){}
}
and tried to read in a aspx page like that:
var x = Request.ServerVariables["MyHeader"];
View 1 Replies
Jul 23, 2010
I have a very simple query. I have added custom header to my website. Now I want to read the custom header. I am using IIS 6.0 on windows XP. I have already tried using using the Request.ServerVariables and and Request.header method. But none of them give me the custom header added to website.
View 2 Replies
Oct 5, 2010
cant read http custome header "MSISDN" from my web service ... same code works on regular asp.net page. Can anyone shade a light on that subject ?
View 2 Replies
Sep 10, 2010
I want to perform a get request on a remote URL and then extract the headers returned.
View 1 Replies
Jan 16, 2010
First, a little background. I have written a custom HTTP compression module for ASP.NET. My development machine has Windows 7 Ultimate, which comes with IIS7. My production environment uses IIS6.
The problem I'm having is, Resource Expert Droid (redbot.org) tells me that I need to add a header to my response to properly support compression: "Vary: Accept-Encoding"
On IIS7 in integrated mode, it works properly. However, in classic mode, which is how my application ultimately runs, I cannot get my code to output this header using any of Response.AppendHeader(), Response.Cache.SetVaryByCustom(), or Response.Cache.VaryByHeaders.
View 1 Replies
Oct 21, 2010
I am attempting to set the content-type of an asp.net .ashx file to text/plain.
When I run this through the ASP.NET Development Server, the content-type is properly set. When I serve it through IIS7, however, the content-type (and any other header values I set) don't come through (it came through as text/html).
The only value set in the HTTP Response Headers section of IIS Manager is the X-Powered-By attribute. I tried setting the content-type here, but that didn't work. But if I removed the X-Powered-By attribute, it was removed from the header.
[code]....
View 1 Replies
Mar 3, 2010
I got the error when I called a webservice
---- Server did not recognize the value of HTTP Header SOAPAction: http://tempuri.org/GetBestBidOfferData.
The odd thing is that I have several methods in this webservice, and only two of them got me the error message. It used to work, but then gave me the error message after i added some other methods to the asmx file.
The namespace should be the same for all the methods. One more thing to note is: these two methods had return data type DataTable before, and I changed it to DataSet. It should not affect anything, I assume.
View 1 Replies
Sep 2, 2010
There are two applications "Sender", "Receiver"."Receiver" is a asp.net page, running in a serverSender" is not an asp.net page and running in some other server."Sender" is passing a string (eg. userName) through http header."Receiver" is reading the string from http header as followsRequest.Header["userName"].How to pass values through http header? Can I have some samples?
View 5 Replies
Mar 22, 2011
I am having issue with cache-control. I have one IIS website with multiple host headers. When you browse site number 1 then cache will be set for this site, when you open browser again and go to 2nd site you will see content from first site. How can I determine cache content based on the site user visits? Everything working fine when you have 1 site and host header related to SAME site.
//Set Cacheability
if (!Context.User.Identity.IsAuthenticated && _activeNode.CacheDuration > 0)
{
var eTag = GetETag(_activeNode);
HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.Public);
[Code]....
View 1 Replies
Sep 10, 2010
What is the code to output a specific HTTP header e.g. x-adexpert-id
View 2 Replies
Mar 8, 2010
Our system is designed to deploy to regions with unreliable and/or insufficient network connections. We build our own fault tolerating data replication services that uses BITS.
Due to some security and maintenance requirements, we implemented our own ASP.NET file download service on the server side, instead of just letting IIS serving up the files. When BITS client makes an HTTP download request with the specified range of the file, our ASP.NET page pulls the demanded file segment into memory and serve that up as the HTTP response. That is the theory. ;) This theory fails in artificial lab scenarios but I would not let the system deploy in real life scenarios unless we can overcome that.
Lab scenario: I have BITS client and the IIS on the same developer machine, so practically I have enormous network "bandwidth" and BITS is intelligent enough to detect that. As BITS client discovers the unlimited bandwidth, it gets more and more "greedy". At each HTTP request, BITS wants to grasp greater and greater file ranges (we are talking about downloading CD iso files, videos), demanding 20-40MB inside a single HTTP request, a size that I am not comfortable to pull into memory on the server side as one go. I can overcome that simply by giving less than demanded. It is OK.
However, BITS gets really "confident" and "arrogant" demanding files WITHOUT specifying the download range, i.e., it wants the entire file in a single request, and this is where things go wrong. I do not know how to answer that response in the case of a 600MB file. If I just provide the starting 1MB range of the file, BITS client keeps sending HTTP requests for the same file without download range to continue, it hammers its point that it wants the entire file in one go. Since I am reluctant to provide the entire file, BITS gives up after several trials and reports error.
View 1 Replies
Sep 11, 2010
Our IIS server (v7) has the following settings in [Custom HTTP Headers] for our whole site:
Pragma: no-cache Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate, post-check=0, pre-check=0 X-Powered-By: ASP.NET
Out of the whole site, there are some pages that require the "no cache" setting to be removed for them to work properly. This was done manually by our IIS Administrator until recently. Now we were told that we need to do it programmatically on our end. The following were the code snippets (VB.NET) we have used with no luck in success.
Method-1
Response.Headers.Remove("Pragma")
Response.Headers.Remove("Cache-Control")
Response.Headers.Add("Cache-Control", "private")
Response.CacheControl = System.Web.HttpCacheability.public
Method-2
Response.ClearHeaders()
Response.Headers.Clear()
Response.CacheControl = "Public"
Response.Cache.SetCacheability(HttpCacheability.Public)
Response.Cache.SetAllowResponseInBrowserHistory(True)
View 3 Replies
Sep 3, 2010
Server cannot append header after HTTP headers have been sent
[Code]....
[Code]....
View 2 Replies
Jul 20, 2010
I am trying to call a webservice that requires me to authenticate and then pass the session id returned from the authenticate method to subsequent web service calls. The session id has to be passed as HTTP request header. So I tried using the following code to add the session id to a HTTP request header:
System.Collections.Specialized.NameValueCollection headers =
HttpContext.Current.Request.Headers;
Type t = headers.GetType();
//get the property
System.Reflection.PropertyInfo p = t.GetProperty("IsReadOnly",System.Reflection.BindingFlags.Instance
| System.Reflection.BindingFlags.IgnoreCase | System.Reflection.BindingFlags.NonPublic
| System.Reflection.BindingFlags.FlattenHierarchy);
//unset readonly
p.SetValue(headers, false,
null);
//add a header
headers.Add("Cookie",
"SID=" + sessionId );
The header is supposed to be called "Cookie" and the SID contains the session id. The problem is the last line in the code above gives an exception saying "Operation is not supported on this platform". I am running this code on my dev machine with with Windows XP Professional Service Pack 3 and IIS 5.1. I haven't been able to find any solution to this problem after days of searching. I also tried to deploy my web app on IIS directly but had the same error.
View 2 Replies
Feb 23, 2011
Some of my users are getting the following error
HTTP 502 Proxy Error - The size of the response header is too large. Contact your ISA server administrator. (12216) Internet Security and Acceleration Server
I am guessing it has to do with the size of hidden "__ViewState" tag in my ASP.NET pages.
I also realize that this is restriction imposed to by IT on the users end and I have no contol over it.
I disabled ViewState on all the controls in my ASP.NET pages. However, __ViewState is still generated very large (as always) to persist control-state (e.g. checkbox, radiobutton, etc.)
View 2 Replies
Jan 18, 2011
I have a Default.aspx program that contains a Treeview with a SiteMapDataSource. I also have a web.sitemap loaded up with urls. When I run the deafult app I get the tree layout that matches the numbers of options but no text on any of the options to click.
View 1 Replies
