Reputation: 73
I'll try to be as short as possible since there's no need for code - I put an iframe tag in my Electron app and I want JavaScript to retrieve some information from it but due to same-origin policy, I can't do that. Can I disable it? Note: I am the owner of the page in the iframe.
    var validate = document.getElementById('validate');
    validate.onclick = function() {
        var input = document.getElementById('serial').value;
        var validator = document.createElement('iframe');
        validator.src = "http://**********.com/?wvkey=" + input;
        body.appendChild(validator);
        var status = validator.contentWindow.document.getElementById('status').innerHTML;
        if (status === "Key Status: Active") {
            window.location.assign("../dashboard/index.html");
        }
        else {
            window.location.assign("../support/keys/invalid/index.html");
        }
    }
When clicking a button on the page, the code is supposed to check for a text with the value of "Key Status: Active" in the iframe. If the condition is true, it should redirect the user to another page. If false, it should redirect him to an error page. In my app, however, the iframe just appears in the background and doesn't do anything - no redirects.
main.js (part of it):
    win = new BrowserWindow({
        height: 700,
        resizable: false,
        show: false,
        webPreferences: {
            nodeIntegration: true,
            webSecurity: false
        },
        width: 790
    })
EDIT (Updated)
    var validate = document.getElementById('validate');
    validate.onclick = function() {
        var input = document.getElementById('serial').value;
        var validator = document.createElement('iframe');
        validator.onload = function() {
            var status = validator.contentWindow.document.getElementById('status').innerHTML;
            if (status === "Key Status: Active") {
                window.location.assign("../dashboard/index.html");
            }
            else {
                window.location.assign("../support/keys/invalid/index.html");
            }
        };
        validator.src = "http://awebsite.com/?wvkey=" + input;
        body.appendChild(validator);
    }
Upvotes: 3
Views: 6746
Reputation: 722
Since your question is how to disable security features like CORS in an Electron window, here is the setting you can use:
    win = new BrowserWindow({
        webPreferences: {
            webSecurity: false
        }
    });
I'd however only use this as a last resort and rather have your website send the appropriate CORS headers.
* Edit *
After seeing your source code I believe there is an issue with your code:
    var validator = document.createElement('iframe');
    validator.src = "http://**********.com/?wvkey=" + input;
This will load your website into the <iframe> object; however, this happens asynchronously. This means you need to wait for the page to finish loading before you can continue with:
    var status = validator.contentWindow.document.getElementById('status').innerHTML;
Change your code to something like this:
    var validator = document.createElement('iframe');
    validator.onload = function() {
        var status = validator.contentWindow.document.getElementById('status').innerHTML;
        [...]
    };
    validator.src = "http://**********.com/?wvkey=" + input;
    body.appendChild(validator);
Note that you will still need the webSecurity or CORS settings to be able to access the validator frame content.
Upvotes: 2
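One way to get the key status with `webSecurity` left enabled, as an added example that is not part of the original posts: the framed page reports its status to the parent with `window.postMessage`, and the app accepts the message only from the expected origin and iframe. The origin `https://validator.example`, the `{ type: "key-status", status }` message shape and the function names are assumptions; the framed page is assumed to call `window.parent.postMessage(...)` with that object once it has rendered its status.

```javascript
// Added example. VALIDATOR_ORIGIN and the message shape are assumptions.
const VALIDATOR_ORIGIN = "https://validator.example"; // placeholder for the site you own

// Build the iframe URL; encoding the key stops user input from adding parameters.
function buildValidatorUrl(serial) {
  const url = new URL("/", VALIDATOR_ORIGIN);
  url.searchParams.set("wvkey", serial);
  return url.toString();
}

// Map a "message" event to a redirect target, or null if it must be ignored.
function routeForMessage(event, frameWindow) {
  if (event.origin !== VALIDATOR_ORIGIN) return null; // not sent by the validator site
  if (event.source !== frameWindow) return null;      // not sent by our iframe
  const data = event.data;
  if (typeof data !== "object" || data === null) return null;
  if (data.type !== "key-status" || typeof data.status !== "string") return null;
  return data.status === "Key Status: Active"
    ? "../dashboard/index.html"
    : "../support/keys/invalid/index.html";
}

// Renderer wiring; skipped when the file is loaded outside a browser window.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  document.getElementById("validate").onclick = function () {
    const frame = document.createElement("iframe");
    function onMessage(event) {
      const target = routeForMessage(event, frame.contentWindow);
      if (target === null) return; // ignore unrelated or untrusted messages
      window.removeEventListener("message", onMessage);
      window.location.assign(target);
    }
    window.addEventListener("message", onMessage);
    frame.src = buildValidatorUrl(document.getElementById("serial").value);
    document.body.appendChild(frame);
  };
}
```

Because the parent never reads the iframe's DOM, the same-origin policy does not need to be relaxed for this check.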