I am rendering the SSRS report in angular using https://www.npmjs.com/package/ngx-ssrs-reportviewer
But it doesn't allow me to do so and gives me an error:
Refused to display 'http://SSRSServerName/Reports' In a frame, because it set `X-Frame-Options` to `SAMEORIGIN`.
I have bypassed this error by installing the chrome extension https://chrome.google.com/webstore/detail/ignore-x-frame-headers/gleekbfjekiniecknbkamfmkohkpodhe locally. But obviously, I cannot force users to install this add on to load the reports.
I know Response headers is set server side in the response. Angular runs in the client and has nothing to to with that. But what could be the possible way to resolve this issue.
Updated
I tried to allow the CORS at ssrs side in Global.asax file
<%@ Application Inherits="Microsoft.ReportingServices.WebServer.Global" %>
<%@ Import namespace="System.Web" %>
<%@ Import namespace="System.Security" %>
<script runat="server">
protected void Application_BeginRequest()
{
string origin = Request.Headers.Get("Origin");
if (Request.HttpMethod == "OPTIONS")
{
Response.AddHeader("Access-Control-Allow-Origin", origin);
Response.AddHeader("Access-Control-Allow-Headers", "*");
Response.AddHeader("Access-Control-Allow-Methods", "GET,POST,PUT,OPTIONS,DELETE");
Response.StatusCode = 200;
Response.End();
}
else
{
Response.AddHeader("Access-Control-Allow-Origin", origin);
Response.AddHeader("Access-Control-Allow-Headers", "*");
Response.AddHeader("Access-Control-Allow-Methods", "GET,POST,PUT,OPTIONS,DELETE");
} } </script>
But it gives me error
Refused to display in a frame because it set 'X-Frame-Options' to 'sameorigin'