/// <summary> /// Specifies that user agents must not allow pages from this application /// to be displayed in any frame, except for pages from the specified /// origin. /// </summary> /// <param name="builder"> /// The builder being used to configure the response headers. /// </param> /// <param name="origin"> /// The origin that is allowed to display pages from this application in /// a frame. /// </param> /// <returns> /// A reference to <paramref name="builder"/> with framing allowed only /// from the same origin. /// </returns> public static ResponseHeadersOptionsBuilder AllowFramingFromOrigin(this ResponseHeadersOptionsBuilder builder, string origin) => builder.AddFrameOptions($"ALLOW-FROM {origin}");
/// <summary> /// Specifies that user agents must not allow pages from this application /// to be displayed in any frame. /// </summary> /// <param name="builder"> /// The builder being used to configure the response headers. /// </param> /// <returns> /// A reference to <paramref name="builder"/> with framing disabled. /// </returns> public static ResponseHeadersOptionsBuilder PreventFraming(this ResponseHeadersOptionsBuilder builder) => builder.AddFrameOptions("DENY");
/// <summary> /// Specifies that user agents must not allow pages from this application /// to be displayed in any frame, except for pages from the current /// origin. /// </summary> /// <param name="builder"> /// The builder being used to configure the response headers. /// </param> /// <returns> /// A reference to <paramref name="builder"/> with framing allowed only /// from the same origin. /// </returns> public static ResponseHeadersOptionsBuilder AllowFramingFromSameOrigin(this ResponseHeadersOptionsBuilder builder) => builder.AddFrameOptions("SAMEORIGIN");