0

I am working on an extension called Web Panel (actually it's an Opera extension, but the API is the same as the one in Chrome). Basically it allows the user to view a web page in an iframe. The problem is that many sites don't want this to happen, for example with x-frame-options. I already use this workaround: Getting around X-Frame-Options DENY in a Chrome extension?, but the problem is that it doesn't work on all sites, for example facebook. I have tried to remove the content-security-policy header as well, which actually made it work on github, but still not on facebook.

So, my three thoughts are:

  • What header should i remove to make it work?
  • Now I'm using chrome.webRequest.onHeadersReceived. Can it be that I have to use chrome.webRequest.onBeforeSendHeaders for example to remove any header?
  • Or is facebook using some other method for doing this? I know they simply can check if the window is top level by doing window == window.top, and then perhaps load content based on the condition. Can I modify the window variable somehow?
Community
  • 1
  • 1
gustavwiz
  • 187
  • 2
  • 6
  • These restrictions are in place for good reasons. _“Basically it allows the user to view a web page in an iframe”_ – and the purpose of that would be what exactly? – CBroe Jun 20 '16 at 11:21
  • @CBroe Opera has a side bar for putting different extensions in it (http://www.opera.com/blogs/desktop/2015/06/view-tabs-easier-get-sidebar-extensions-opera-30/). The old version of Opera had like a bulit in extensinon for viewing websites in the sidebar, so it becomes like a split screen. As they do not have this left, I made an extension. – gustavwiz Jun 20 '16 at 11:39

0 Answers0