Avoid CSRF setting adding x-frame-options header (#983)

claudiamurialdo · web-flow · commit 45054aa14494 · 2024-03-21T15:08:26.000-03:00
diff --git a/dotnet/src/dotnetcore/GxNetCoreStartup/Startup.cs b/dotnet/src/dotnetcore/GxNetCoreStartup/Startup.cs
@@ -221,7 +221,7 @@ public void ConfigureServices(IServiceCollection services)
 				services.AddAntiforgery(options =>
 				{
 					options.HeaderName = HttpHeader.X_CSRF_TOKEN_HEADER;
-					options.SuppressXFrameOptionsHeader = false;
+					options.SuppressXFrameOptionsHeader = true;
 				});
 			}
 			services.AddDirectoryBrowser();

Original file line number	Diff line number	Diff line change
`@@ -221,7 +221,7 @@ public void ConfigureServices(IServiceCollection services)`
`221`	`221`	`services.AddAntiforgery(options =>`
`222`	`222`	`{`
`223`	`223`	`options.HeaderName = HttpHeader.X_CSRF_TOKEN_HEADER;`
`224`		`- options.SuppressXFrameOptionsHeader = false;`
	`224`	`+ options.SuppressXFrameOptionsHeader = true;`
`225`	`225`	`});`
`226`	`226`	`}`
`227`	`227`	`services.AddDirectoryBrowser();`