0

I'm working on a Chrome extension and I need to embed Google services (search, mail, contacts ...) in iframes. I've searched a lot and I get it is not possible because of Click jacking with the corresponding headers.

However, there's this extension, Black Menu (https://chrome.google.com/webstore/detail/black-menu-for-google/eignhdfgaldabilaaegmdfbajngjmoke?hl=en), that managed to embed most Google's services in iframes using custom URLs such as these:

https://contacts.google.com/u/0/?bm_contentscript=contacts&bm_embed=1&bm_fix_embed=1&bm_namespace=social_ContactsUi&bm_instance=USERID&bm_functionnames=bg%2CAe%2CEe%2CBe

With bm being obviously black menu.

So, I'm wondering, does this mean the developer managed to get exclusive/special access to Google search (and others) as mobile version to embed it?

Further more, I'm able to embed Gmail in an iframe, even if I got

X-Frame-Options:SAMEORIGIN

In the headers... Although this does not work every time.

Is it a cookie problem? Should I log in with Google across the entire browser? (And, if yes, how do I do that?).

Makyen
  • 31,849
  • 12
  • 86
  • 121
Guillaume
  • 21
  • 3
  • 1
    [Getting around X-Frame-Options DENY in a Chrome extension?](//stackoverflow.com/a/15534822) – wOxxOm Feb 23 '17 at 09:43
  • You have identified an extension that does what you want. Why have you not just downloaded the extension, and looked at the code to see how thye do it? – Makyen Feb 23 '17 at 19:01

0 Answers0