locked
XFrame Option Allow From not working in VB.Net RRS feed

  • Question

  • Hi All,

    I've a vb.net website - only a page of this website is called by a Java website's iframe. This is only for viewing purpose, non editable. Its working fine until we ran an application scan which found it as a clickjacking vulnerability. So, I tried with xframe options allow from uri in web.config. But the Java application displays error as below.

    "This content cannot be displayed in a frame .

       To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame."

    Allow from option in IE11 is not helpful. So the summary is, we need to show the webpage in Java application, but .Net side the vulnerability shouldn't persist more. Any suggestions are much appreciated.

    Thursday, September 4, 2014 1:12 PM

Answers

  • XFrame options is used in VB.Net application's web.config page.
    Still the incorrect forum, select the technology such as ASP.NET which if this is the case you want to ask in http://forums.asp.net/

    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem.

    • Proposed as answer by Just Karl Thursday, September 4, 2014 10:03 PM
    • Marked as answer by Just Karl Tuesday, September 16, 2014 10:38 PM
    Thursday, September 4, 2014 3:05 PM

All replies

  • Hello,

    This forum is for VB.NET only.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem.

    Thursday, September 4, 2014 1:23 PM
  • XFrame options is used in VB.Net application's web.config page.
    Thursday, September 4, 2014 1:38 PM
  • XFrame options is used in VB.Net application's web.config page.
    Still the incorrect forum, select the technology such as ASP.NET which if this is the case you want to ask in http://forums.asp.net/

    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem.

    • Proposed as answer by Just Karl Thursday, September 4, 2014 10:03 PM
    • Marked as answer by Just Karl Tuesday, September 16, 2014 10:38 PM
    Thursday, September 4, 2014 3:05 PM