1

I have been looking for 2 days how to make a chrome extension, which, through the background page, navigates to a remote page (e.g "http://hotmail.com") and wich uses events dispatcher to go somewhere, check mails, check posts on a forum, etc ..

I've looked inside google mail checker extension, I saw that the extensions simply use a XMLHttpRequest() and evaluate the result. But the result is a prepared xml document that contains only informations like "mail:" "subject" "date:" "3" etc.. So under no circumstances it evaluate a html page, dispatch events and go another page ..

So I wonder if it's possible, I've tried including an iframe through document.createElement() and document.body.appendChild() but I have an error message: "Refused to display document because display forbidden by X-Frame-Options." whereas I put "permissions": [ ":///*" ] in the manifest file.

Captain Obvlious
  • 19,754
  • 5
  • 44
  • 74
TinyMan
  • 11
  • 1

1 Answers1

1

X-Frame-Options is an HTTP header sent by the server that specifies if a page should be shown in an iframe. Chrome is designed to obey restrictions from X-Frame-Options, and there is no way for an extension to relax this restriction.

Perhaps you could use a cross-domain Ajax requestt to grab information. This only gets you the raw code for the page, so it isn't as helpful if the page has iframes within it or uses scripts to dynamically build itself. However, I suspect most mail services have a "simple HTML" view that you could scrape (assuming you're building a mail checker).

See the related question Overcoming "Display forbidden by X-Frame-Options".

Community
  • 1
  • 1
apsillers
  • 112,806
  • 17
  • 235
  • 239
  • Thank you. So, there is no way to evaluate text received by an ajax request as a DOM ? (I tried DOMParser, i got Parser Error :]) – TinyMan Apr 19 '12 at 20:03
  • DOMParser doesn't seem to work for HTML (except in Firefox beta). What you can do instead is make a new element with `var newPage = document.createElement("html")`, and then drop the Ajax results in with `newPage.innerHTML = ...`. Thanks to the auto-parsing of `innerHTML`, you'll have a fully accessible DOM for the page. – apsillers Apr 20 '12 at 15:29
  • Bear in mind that you may need to clear out the doctype header and open/closing `` tags for this to work cross-browser (otherwise you could possibly get the block of your Ajax'd page immediately inside an outer block. My tests indicate that the latest FF and Chrome will handle that for you, but I can't speak for IE or any others. – apsillers Apr 20 '12 at 15:34