Topic
After adding the following HTTP Headers to C:\inetput\K2\web.config, all K2 forms cannot be loaded, and a "500 - Internal Server Error" is shown.
<add name="X-XSS-Protection" value="1; mode=block" />
<add name="X-Content-Type-Options" value="NoSniff" />
Instructions
By default X-XSS-Protection and X-Content-Type-Options are added in:
- [Program Files]\K2\K2 smartforms Runtime\web.config
- [Program Files]\K2\K2 Designer\web.config
You should not need to add those 2 headers to C:\inetput\K2\web.config. The web.config in C:\inetpub\K2 is meant for the root K2 site, but under the K2 site, there are separate applications hosted under the same site that has their respective web.config. Those applications such as Runtime and Designer have its own web.config that stores the settings for each application.
You can check [Program Files]\K2\K2 smartforms Runtime\web.config if the 2 headers are already added there. If the 2 headers are already present, by adding the headers in C:\inetpub\K2\web.config, you are effectively adding the same header twice.
To resolve this, remove the 2 HTTP headers added to C:\inetput\K2\web.config.