0

I got custom policy to handle local sign in, forgot password and Entra ID login in my .net core 8 mvc web app. It is working fine in regular login, however I got a problem when using it with an iFrame. I can login for the first time(when browser cookies and cash are clean) then I sign out and try to log in again I get 400 bad request. My x-frame-options and content-security-policy: app.Use(async (context, next) => { context.Response.Headers.Add("X-Frame-Options", "ALLOW-FROM https://my-domain.com"); context.Response.Headers.Add("Content-Security-Policy", "frame-ancestors 'self' https://my-domain.com"); await next(); });

I tried to clear cookies manually on SignOut it did not seem to help.

1
Related questions
390
400 BAD request HTTP error code meaning?
71
Content Security Policy directive: "frame-ancestors 'self'
0
CORS with iframe - Login fails with "400 Bad Request"
Load 7 more related questions Show fewer related questions

0

Reset to default