【发布时间】:2021-06-26 23:39:31
【问题描述】:
我的 iframe 出现问题。每当我尝试登录时,我的身份验证 cookie 似乎都不起作用,因为我只是被重定向回我的登录屏幕。我该如何解决这个问题?
当我只是正常运行网站时,cookie 工作正常,但一旦我在 iframe 中显示它,一切都会变糟。
这是我的 Startup.cs:
// ASP.NET Core startup class: registers Razor Pages and cookie authentication, then builds the HTTP request pipeline.
// NOTE(review): several settings below bear directly on the "login loops back to the login page inside an iframe" symptom; see the inline notes.
public class Startup
{
// Stores the IConfiguration instance passed in by the caller.
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
// The IConfiguration instance passed to the constructor.
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddRazorPages();
services.AddMvc().AddRazorPagesOptions(o =>
{
// NOTE(review): this registers IgnoreAntiforgeryToken as a filter for every Razor Page, so no page validates the antiforgery token.
// With cookie authentication that leaves state-changing POST handlers without CSRF protection, and it matters more if the cookie is ever relaxed to SameSite=None to make framing work.
o.Conventions.ConfigureFilter(new Microsoft.AspNetCore.Mvc.IgnoreAntiforgeryTokenAttribute());
});
// Configure the authentication cookie through CookieAuthenticationOptions (Microsoft.AspNetCore.Authentication.Cookies namespace).
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(options =>
{
// Name of the authentication cookie.
options.Cookie.Name = "AuthCookie";
// HttpOnly keeps the cookie out of reach of client-side script (document.cookie).
options.Cookie.HttpOnly = true;
// NOTE(review): CookieSecurePolicy.None means the Secure attribute is never set, so the authentication cookie also travels over plain HTTP.
// HTTPS-only delivery would be CookieSecurePolicy.Always, which requires the site to be served over HTTPS.
options.Cookie.SecurePolicy = CookieSecurePolicy.None;
// SameSite=Lax: the browser attaches the cookie to same-site requests and to top-level cross-site navigations, but not to requests made from inside a frame embedded by another site.
// NOTE(review): that is consistent with the reported symptom (redirect back to the login page only when framed) if the parent page is on a different site - confirm.
// Browsers accept SameSite=None only together with Secure, so sending this cookie in a cross-site frame needs HTTPS; doing so also makes antiforgery validation and a strict frame-ancestors allowlist important.
options.Cookie.SameSite = SameSiteMode.Lax;
// Path a signed-in user is sent to when access is denied; here it is the site root rather than a dedicated access-denied page.
options.AccessDeniedPath = "/";
// Path an unauthenticated user is redirected to when a page requires sign-in; here the site root.
options.LoginPath = "/";
// Path of the log-out page.
options.LogoutPath = "/Logout";
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
// Middleware runs in the order it is registered here, so the order of the calls below is significant.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
// Disabled experiment that would send X-Frame-Options: DENY. As written it never calls next(), so re-enabling it unchanged would end the pipeline at this middleware.
/* app.Use(async (context, next) =>
{
//
//context.Response.Headers.Remove("X-Frame-Options");
context.Response.Headers.Add("X-Frame-Options", "DENY");
});*/
// Replaces any X-Frame-Options header on the response before passing the request on.
// NOTE(review): "ALLOWALL" is not a defined X-Frame-Options value (the defined ones are DENY and SAMEORIGIN). Browsers ignore values they do not recognise,
// so this has the same effect as sending no framing restriction: any site may embed these pages, which exposes them to clickjacking.
// To allow one known parent only, the mechanism is a Content-Security-Policy frame-ancestors directive listing that origin, as in the disabled line below.
app.Use(async (context, next) =>
{
context.Response.Headers.Remove("X-Frame-Options");
context.Response.Headers.Add("X-Frame-Options", "ALLOWALL");
//context.Response.Headers.Add("Content-Security-Policy", "frame-ancestors https://kasp151f.000webhostapp.com/");
await next();
});
// HTTPS redirection is disabled, so this pipeline does not move HTTP requests to HTTPS.
// app.UseHttpsRedirection();
// NOTE(review): UseAuthentication and the first UseAuthorization are registered before UseRouting, and UseAuthorization is registered twice.
// The documented order is UseStaticFiles, UseRouting, UseAuthentication, UseAuthorization, UseEndpoints.
// Here I enable authentication capabilities for the website.
app.UseAuthentication();
// Here I enable authorization capabilities for the website.
app.UseAuthorization();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthorization();
// Map Razor Pages as the application's endpoints.
app.UseEndpoints(endpoints =>
{
endpoints.MapRazorPages();
});
}
}
这是我的 iframe:
<!-- NOTE(review): src is plain http. Browsers require the Secure attribute for a SameSite=None cookie and do not accept Secure cookies over an insecure connection, so serving the framed site over https is a precondition for cookie login in a cross-site frame. The onload handler reads contentWindow.location.href, which the browser blocks with a SecurityError when the framed document is cross-origin to the parent page; confirm whether that applies here. -->
<iframe width="1280" height="720" frameBorder="0" scrolling="no" onload="HandleLocationChange(this, this.contentWindow.location.href)" src="http://kasperssejeside.tk/"></iframe>
【问题讨论】:
-
您的意思是使用 iframe 标签在另一个应用程序中呈现您的网站吗?尝试使用F12开发者工具检查cookie是否存在,确保没有过期,然后尝试清除cookie重新检查是否有效?
-
我检查了 cookie 并且 cookie 存在,但它就像参数没有设置在其中
标签: html asp.net-core iframe razor-pages x-frame-options