Content-Security-Policy and X-Frame-Options

Content-Security-Policy and X-Frame-Options

  

I need to change these settings in the IIS just for a particular espace but everytime the espace is published it overrides with the settings that the default website has.


Anyone with the same issue?

Hi Filipe.
Publishing an eSpace will always replace the local web config file.

Did you try using the AddHeader action from HTTPRequestHandler?
Either in the preparation of your layout (so it's called on every page), or in the preparation of a new WebBlock (that you would plane anywhere you need that header(s))

Cheers,

Yes i did but the action does not replace the value, it simply adds another

It sounds like you have settings in the default website that you want to keep using for different eSpaces.
Adding a second header with the same name, will make the browser only take the first into account. Is that correct?

Not sure if this would fix it, or if it's even the best solution, as I have no recollection of this setting being eSpace specific anywhere.
Maybe try and do your own RemoveHeader(tagName) extension, to call before the AddHeader and remove the existing header?

Something like HttpContext.Current.Items.Remove(TagName)

Perhaps is one solution to create an extension to remove first the header but I will wait first for other someone idea.  Thanks