解决SharePoint不让嵌套iFrame问题
开发
根据在其他系统Iframe中显示SharePoint 页面提供的思路,根据SharePoint下在Feature中动态Register/Remove HttpModule提供的规则,创建一个SharePoint解决方案,步骤如下:
- 在
Visual Studio 2017中,创建Visual C# 类型项目,选择Office/SharePoint,选择SharePoint 2013 - 空项目 - 填写SharePoint站点地址,选择
部署卫场解决方案,点完成 解决方案资源管理器中,右击Features,选择添加功能,生成Feature1- 右击Feature1,选择
添加事件接收器,生成Feature1.EventReceiver.cs 解决方案资源管理器中,右击项目名,选择添加-新建项-Visual C#项-ASP.NET 项-添加,生成MyModule1.cs- 展开
Package,打开Package.package,属性窗口,将部署服务器类型,改为WebFrontEnd - 在
打包资源管理器(视图-其他-打包资源管理器)中选中项目名.Feature1,属性窗口,范围设置为WebApplication - 运行。(如果直接部署,可以在
解决方案管理器中双击Properties的属性窗口,SharePoint选项卡下的正在调试区域,取消调试后自动回收选项)
Feature1.EventReceiver.cs
public class Feature1EventReceiver : SPFeatureReceiver
{
// 插件激活,将HttpModule挂载到SharePoint
public override void FeatureActivated(SPFeatureReceiverProperties properties)
{
SPWebApplication application = (SPWebApplication)properties.Feature.Parent;
foreach (SPWebConfigModification modification in this.Modifications)
{
application.WebConfigModifications.Add(modification);
}
application.WebService.ApplyWebConfigModifications();
application.Update();
}
// 插件卸载,将HttpModule从SharePoint卸载
public override void FeatureDeactivating(SPFeatureReceiverProperties properties)
{
SPWebApplication application = (SPWebApplication)properties.Feature.Parent;
foreach (SPWebConfigModification modification in this.Modifications)
{
application.WebConfigModifications.Remove(modification);
}
application.WebService.ApplyWebConfigModifications();
application.Update();
}
// 动态修改SharePoint托管在IIS的web.config,增加一个HttpModule
private SPWebConfigModification[] Modifications
{
get
{
SPWebConfigModification[] modificationArray = new SPWebConfigModification[1];
SPWebConfigModification modification = new SPWebConfigModification("add[@name='PermissiveXFrameHeaderModule']", "configuration/system.webServer/modules");
modification.Owner = "PERMISSIVEXFRAME";
modification.Sequence = 0;
modification.Type = SPWebConfigModification.SPWebConfigModificationType.EnsureChildNode;//0
modification.Value = string.Format("<add name='PermissiveXFrameHeaderModule' type='SharePointProject3.PermissiveXFrameHeaderModule,{0}' />", System.Reflection.Assembly.GetExecutingAssembly().FullName);
modificationArray[0] = modification;
return modificationArray;
}
}
} public class PermissiveXFrameHeaderModule : IHttpModule
{
#region IHttpModule Members
public void Dispose()
{
}
public void Init(HttpApplication context)
{
context.LogRequest += new EventHandler(OnLogRequest);
// 增加预处理事件
context.PreSendRequestHeaders += new EventHandler(this.context_PreSendRequestHeaders);
}
#endregion
public void OnLogRequest(Object source, EventArgs e)
{
}
private const string XFRAMEOPTIONS_HEADERNAME = "X-FRAME-OPTIONS";
private void context_PreSendRequestHeaders(object sender, EventArgs e)
{
HttpApplication application = (HttpApplication)sender;
// 直接移除有安全问题,所有的域够可以嵌入iFrame
application.Response.Headers.Remove("X-FRAME-OPTIONS");
// 测试Header 用来看代码是否生效
application.Response.Headers.Add("Plugin", "测试Header是否生效");
}
}发布
右击上面做好的解决方案名称,选中发布,选择文件系统的路径,点击发布
部署
添加解决方案
Add-SPSolution -LiteralPath C:\SharePointDist\SharePointProject3.wsp
Name:sharepointproject3.wsp
SolutionId:f23ca3e8-d8dd-4b16-9a4a-ffced6878944
安装状态
Get-SPSolution "f23ca3e8-d8dd-4b16-9a4a-ffced6878944"
部署解决方案
Install-SPSolution -Identity sharepointproject3.wsp -GACDeployment
错误恢复
提示未能加载程序集
IIS管理器下找到SharePoint站点,右击选择浏览,打开目录后,在web.confg文件中删除掉错误的Feature引用定义,即可。
失败方案
- aspx增加
<runat="server">方案失败!,母版页调整加入meta失败 - IIS增加URL重写
X-Frame-Options方案失败
参考文档
- X-Frame-Options
- SharePoint Iframe 报错“此内容不能显示在一个框架中
- 在其他系统Iframe中显示SharePoint 页面
- SharePoint下在Feature中动态Register/Remove HttpModule
- Combating ClickJacking With X-Frame-Options
- Removing “X-Frame-Options” header for a specific controller only
- IFraming SharePoint-hosted pages in apps
- How can I configure x-frame-options: allow-from on my sharepoint installation?
评论已关闭