graywolf

Reputation: 7480

Ignoring X-Frame-Options in firefox webextension

I'm trying to port my extension from Chrome to Firefox, however I have a problem with X-Frame-Options. My extension is pretty simple, all it does is create a few iframes, wait for them to load and then extract some data from the loaded pages.

This all works great in Chrome, however in Firefox I have the problem that the page does not load in the iframe (probably due to X-Frame-Options: ALLOW-FROM XXX).

In Chrome having

"permissions": [
    "https://example.com/"
]

is enough to make browser ignore the X-Frame-Options, but in Firefox it still does not work.

So, how can I force Firefox to ignore this X-Frame-Options for my extension (and its pages)?

EDIT: I would just like to add that since I'm using injected content script anyway (to get data from the frame), I don't need it to be in an iframe. All I need is to render the page without it being visible to user (so new tabs etc. are no-go :/).

EDIT2: This 2-file extension works in Chrome, but not in Firefox:

manifest.json

{
  "manifest_version": 2,
  "name": "Iframe test",
  "description": "foobar",
  "version": "0.9.3",
  "browser_action": {
    "default_popup": "popup.html"
  },
  "permissions": [
    "activeTab",
    "https://jisho.org/"
  ]
}

popup.html

<html>
    <head>
        <meta charset="UTF-8" />
    </head>
    <body>
        <iframe src="https://jisho.org"></iframe>
    </body>
</html>

Upvotes: 0

Views: 986

Answers (1)

johnp

Reputation: 337

It looks like it "just works" in Chrome because Chrome doesn't support "ALLOW FROM".

Firefox does the right thing here, but you can intercept this header like any other with the webRequest API, specifically webRequest.onHeadersReceived. Something like this (untested) should work:

browser.webRequest.onHeadersReceived.addListener((details) => {
        let newHeaders = details.responseHeaders.filter(
            header => !header.name.toLowerCase().endsWith('frame-options')
        );
        return {responseHeaders: newHeaders};
    },
    {
        urls: [ 'https://jisho.org/*' ],
        types: [ 'sub_frame' ]
    },
    ['blocking', 'responseHeaders']
);

You also require the webRequest and webRequestBlocking permissions for this.

Upvotes: 1
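
A narrower variant of the listener in the answer above, as an added example that is not part of the original answer: it removes only `X-Frame-Options`, and only when the frame's parent is one of the extension's own pages, so the site keeps its framing protection when any other web page embeds it. It assumes Firefox's `details.documentUrl` field holds the parent document's URL; `stripFrameOptions` and `FRAMED_HOST` are names chosen for this example.

```javascript
// Added example (not from the original answer). The decision logic is a pure
// function so it can be exercised outside the browser.
const FRAMED_HOST = 'jisho.org'; // host taken from the question's manifest

function stripFrameOptions(details, extensionOrigin) {
  // Only sub-frame loads are candidates; top-level navigations are untouched.
  if (details.type !== 'sub_frame') return {};

  // Exact host match, so look-alike hosts such as jisho.org.example.net fail.
  let host;
  try { host = new URL(details.url).hostname; } catch (e) { return {}; }
  if (host !== FRAMED_HOST) return {};

  // Assumption: details.documentUrl (Firefox) is the URL of the parent document.
  // If the parent is not one of our own pages, leave the header in place.
  const parent = details.documentUrl || '';
  if (!extensionOrigin || !parent.startsWith(extensionOrigin)) return {};

  // Drop exactly X-Frame-Options; every other header is passed through.
  const responseHeaders = (details.responseHeaders || []).filter(
    h => h.name.toLowerCase() !== 'x-frame-options'
  );
  return { responseHeaders };
}

// Register only when running inside a WebExtension.
if (typeof browser !== 'undefined' && browser.webRequest) {
  const origin = browser.runtime.getURL(''); // moz-extension://<uuid>/
  browser.webRequest.onHeadersReceived.addListener(
    details => stripFrameOptions(details, origin),
    { urls: [`https://${FRAMED_HOST}/*`], types: ['sub_frame'] },
    ['blocking', 'responseHeaders']
  );
}
```

Returning an empty object from a blocking listener leaves the response unmodified.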
