Why after --disable-web-security and deleting x-frame-options header this error still showing?

Question

I'm creating a webapp in electron, a web-crawler with a neural network, which needs all webSecurities to be disabled

i tried modifying the headers (X-Frame-Origin,access-control-allow-origin etc..) , using flags like chrome --allow-file-access-from-files --disable-web-security --user-data-dir="" etc... nothing seems to remove the error above

The iframe is showing the ORIGIN restricted websites after i modified the xframe header, but when i try to access its document, the error above pops

i tried running it in chrome and firefox, and the same behaviour is encoutered

been googling for 4 hours now and i can't seem to find an appropriate answer. if you think this is a duplicated please include a link, it would help a lot

score 4 · Accepted Answer · answered Jul 02 '19 at 12:59

4

i found the solution ,the disable site isolation trial should be toggled on :

app.commandLine.appendSwitch('disable-site-isolation-trials')

answered Jul 02 '19 at 12:59

aymen ayoo

92
9

score 0 · Answer 2 · answered Jan 09 '22 at 17:19

The only solution I've found that is not deprecated (so far, to this date) is the bellow, old aproaches like webPreferences: { webSecurity: false } wont work anymore as webSecurity no longer controls CORS.

mainWindow.webContents.session.webRequest.onHeadersReceived({ urls: [ "*://*/*" ] },
(d, c)=>{
    if(d.responseHeaders['X-Frame-Options']){
        delete d.responseHeaders['X-Frame-Options'];
    } else if(d.responseHeaders['x-frame-options']) {
        delete d.responseHeaders['x-frame-options'];
    }
    c({cancel: false, responseHeaders: d.responseHeaders});
}

);

Why after --disable-web-security and deleting x-frame-options header this error still showing?

2 Answers2