You can prevent this frame issue by setting the HTTP header "X-Frame-Options" to sameorigin OR allow-from uri of the production web site on live.
When the value is set to sameorigin
, the page can only be displayed in a frame on the same origin as the page itself.
When it is set to allow-from <URL of the production site>
, the page can only be displayed in a frame on the specified origin.
Both options are suitable and recommended.
To configure IIS to send the X-Frame-Options header, add this to your site's Web.config file:
Only the deny setting can cause troubles. If you set the X-Frame-Options to deny
, the page will be not displayed in a frame, regardless of the site attempting to do so. This will affect RadEditor File Browser dialogs, RadWindow when its NavigationUrl is set and also RadTabStrip and RadSplitter, because in this scenarios their contents are loaded in an iframe. The deny option will prevent the content loading in the iframe.
The deny option will prevent RadEditor to load the contents of its iframe based dialogs like the Image Manager, Document Manager and other, you have to configure the control to use the standard browser dialogs by setting editor.set_useClassicDialogs(true); , e.g.
You can find more information at https://www.telerik.com/support/kb/aspnet-ajax/editor/details/using-browser-modal-dialog-instead-of-radwindow
Get quickly onboarded and successful
with your Telerik and/or Kendo UI products with the Virtual Classroom free technical training, available to all active customers. Learn More.