asp.net - How Can I Bypass the X-Frame-Options: SAMEORIGIN HTTP Header?

Question

I am developing a web page that needs to display, in an iframe, a report served by another company's SharePoint server. They are fine with this.

The page we're trying to render in the iframe is giving us X-Frame-Options: SAMEORIGIN which causes the browser (at least IE8) to refuse to render the content in a frame.

First, is this something they can control or is it something SharePoint just does by default? If I ask them to turn this off, could they even do it?

Second, can I do something to tell the browser to ignore this http header and just render the frame?

Answer 1

UPDATE: 2019-12-30

It seem that this tool is no longer working! [Request for update!]

UPDATE 2019-01-06: You can bypass X-Frame-Options in an <iframe> using my X-Frame-Bypass Web Component. It extends the IFrame element by using multiple CORS proxies and it was tested in the latest Firefox and Chrome.

You can use it as follows:

1. (Optional) Include the Custom Elements with Built-in Extends polyfill for Safari:

   <script src="https://unpkg.com/@ungap/custom-elements-builtin"></script>
   

2. Include the X-Frame-Bypass JS module:

   <script type="module" src="x-frame-bypass.js"></script>
   

3. Insert the X-Frame-Bypass Custom Element:

   <iframe is="x-frame-bypass" src="https://example.org/"></iframe>