Getting around X-Frame-Options DENY in a Chrome extension?

by

Chrome offers the webRequest API to intercept and modify HTTP requests. You can remove the X-Frame-Options header to allow inlining pages within an iframe.

chrome.webRequest.onHeadersReceived.addListener(
    function(info) {
        var headers = info.responseHeaders;
        for (var i=headers.length-1; i>=0; --i) {
            var header = headers[i].name.toLowerCase();
            if (header == 'x-frame-options' || header == 'frame-options') {
                headers.splice(i, 1); // Remove header
            }
        }
        return {responseHeaders: headers};
    }, {
        urls: [
            '*://*/*', // Pattern to match all http(s) pages
            // '*://*.example.org/*', // Pattern to match one http(s) site
        ], 
        types: [ 'sub_frame' ]
    }, [
        'blocking',
        'responseHeaders',
        // Modern Chrome needs 'extraHeaders' to see and change this header,
        // so the following code evaluates to 'extraHeaders' only in modern Chrome.
        chrome.webRequest.OnHeadersReceivedOptions.EXTRA_HEADERS,
    ].filter(Boolean)
);

In the manifest, you need to specify the webRequest and webRequestBlocking permissions, plus the URLs patterns you’re intending to intercept i.e. "*://*/*" or "*://www.example.org/*" for the example above.

More Related Contents:

  1. Communicate between scripts in the background context (background script, browser action, page action, options page, etc.)
  2. Is there a way to uniquely identify an iframe that the content script runs in for my Chrome extension?
  3. Accessing iframe from chrome extension
  4. How can I get the current Crome URL?
  5. Chrome extension that enables chatting with users on same page [closed]
  6. How can I access the contents of an iframe with JavaScript/jQuery?
  7. How to get the body’s content of an iframe in Javascript?
  8. Pass a parameter to a content script injected using chrome.tabs.executeScript()
  9. Returning Chrome storage API value without function
  10. How to refresh an IFrame using Javascript?
  11. chrome extension – sendResponse not waiting for async function [duplicate]
  12. Access elements of parent window from iframe
  13. Chrome Extension: Port error: Could not establish connection. Receiving end does not exist.
  14. Chrome Extension: Get Page Variables in Content Script
  15. Uncaught DOMException: Blocked a frame with origin “http://localhost:8080” from accessing a cross-origin frame while listing the iframes in page
  16. popup window in Chrome extension
  17. How to auto-size an iFrame? [duplicate]
  18. Good Reasons why not to use Iframes in page content [closed]
  19. Open link in iframe [closed]
  20. cross-domain iframe resizer?
  21. How can I save information locally in my chrome extension?
  22. How to get the currently opened tab’s URL in my page action popup?
  23. How can I enter data into a custom-handled input field?
  24. Pass a variable from content script to popup
  25. Refresh iFrame (Cache Issue)
  26. Can I use puppeteer inside chrome extension
  27. Detect when an iframe is loaded
  28. Can javascript running inside an iframe affect the main page?
  29. How to refactor global variables from MV2 to using chrome.storage in MV3 service worker?
  30. How to set iframe content of a react component

Leave a Comment