AntiforgeryToken adds X-Frame-Options per token, resulting in large header size, causing error 520 in CloudFlare
// AntiForgeryToken automatically adds X-Frame-Options SAMEORIGIN for each token,
// resulting in
// X-Frame-Options SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, ...
// This happens when there is an update form for each item in a list and each update form has its own anti-forgery token.
// If hosted on CloudFlare, this will produce Error 520 if the header size becomes larger than 32KB.
// Adding the following will fix the issue.

// Global.asax.cs
using System.Web.Helpers; // namespace that contains AntiForgeryConfig

protected void Application_Start()
{
    AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
    // rest of the code
}

// Add back a single X-Frame-Options header in web.config, because with the setting above
// the anti-forgery helper no longer sends any X-Frame-Options header.
// web.config
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="X-Frame-Options" value="SAMEORIGIN" />
    </customHeaders>
  </httpProtocol>
  <!-- rest of the configuration -->
</system.webServer>
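
An added check, not part of the original gist: it audits a raw response header block for the repeated X-Frame-Options values described above, for header size, and for the header going missing once suppression is on but web.config has not been updated. The function names and sample responses are constructed for illustration; the 32KB limit is the figure quoted in the comments above.

```python
# Added example: audit raw HTTP response headers for repeated X-Frame-Options.
HEADER_LIMIT = 32 * 1024  # size the gist cites as triggering CloudFlare error 520


def audit_headers(raw: str, limit: int = HEADER_LIMIT) -> dict:
    """Collect X-Frame-Options values, header size in bytes, and findings."""
    head = raw.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            # One line may carry comma-joined values; the header may also repeat.
            values.extend(v.strip().upper() for v in value.split(",") if v.strip())
    size = len(head.encode("latin-1")) + 4  # include the terminating CRLF CRLF
    findings = []
    if not values:
        findings.append("missing")      # suppressed, but not re-added in web.config
    elif len(values) > 1:
        findings.append("duplicated")   # one value per rendered anti-forgery token
    if size > limit:
        findings.append("oversized")
    return {"x_frame_options": values, "header_bytes": size, "findings": findings}


def sample_response(token_count: int) -> str:
    """Constructed response: one SAMEORIGIN value per anti-forgery token."""
    xfo = ", ".join(["SAMEORIGIN"] * token_count)
    return (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html; charset=utf-8\r\n"
        f"X-Frame-Options: {xfo}\r\n"
        "\r\n<html>...</html>"
    )


if __name__ == "__main__":
    for count in (1, 5, 3000):
        report = audit_headers(sample_response(count))
        print(count, report["header_bytes"], report["findings"])
```

A response that passes has an empty findings list: exactly one X-Frame-Options value and a header block under the limit.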