Avoid CSRF setting adding x-frame-options header (#983)

claudiamurialdo · claudiamurialdo · commit 7942fec44135 · 2024-03-21T15:12:22.000-03:00
(cherry picked from commit 45054aa)
diff --git a/dotnet/src/dotnetcore/GxNetCoreStartup/Startup.cs b/dotnet/src/dotnetcore/GxNetCoreStartup/Startup.cs
@@ -220,7 +220,7 @@ public void ConfigureServices(IServiceCollection services)
 				services.AddAntiforgery(options =>
 				{
 					options.HeaderName = HttpHeader.X_CSRF_TOKEN_HEADER;
-					options.SuppressXFrameOptionsHeader = false;
+					options.SuppressXFrameOptionsHeader = true;
 				});
 			}
 			services.AddDirectoryBrowser();

Original file line number	Diff line number	Diff line change
`@@ -220,7 +220,7 @@ public void ConfigureServices(IServiceCollection services)`
`220`	`220`	`services.AddAntiforgery(options =>`
`221`	`221`	`{`
`222`	`222`	`options.HeaderName = HttpHeader.X_CSRF_TOKEN_HEADER;`
`223`		`- options.SuppressXFrameOptionsHeader = false;`
	`223`	`+ options.SuppressXFrameOptionsHeader = true;`
`224`	`224`	`});`
`225`	`225`	`}`
`226`	`226`	`services.AddDirectoryBrowser();`