
I am making a Chrome extension which has an iframe in it. When the extension sends a request to the server in order to get the page, it returns the error `Refused to display 'https://subdomain.example.com/' in a frame because it set 'X-Frame-Options' to 'deny'`.

Although I have set the x-frame-options to deny in my .htaccess file and added a `header('x-frame-options: GOFORIT')` in my specific method in my back-end project, it returned another error: `Refused to display 'https://subdomain.example.com/' in a frame because it set multiple 'X-Frame-Options' headers with conflicting values ('GOFORIT, DENY'). Falling back to 'deny'.`

I added `webRequest` and `webRequestBlocking` to permissions in my manifest.json file. No luck, and it returned `'webRequestBlocking' requires manifest version of 2 or lower` and `Unchecked runtime.lastError: You do not have permission to use blocking webRequest listeners. Be sure to declare the webRequestBlocking permission in your manifest.` So I removed `webRequestBlocking` from the permissions and added `declarativeNetRequest` as it is for v3. No result!! Then I added

chrome.webRequest.onHeadersReceived.addListener(
    function(info) {
        var headers = info.responseHeaders;
        for (var i=headers.length-1; i>=0; --i) {
            var header = headers[i].name.toLowerCase();
            if (header == 'x-frame-options' || header == 'frame-options') {
                headers.splice(i, 1); // Remove header
            }
        }
        return {responseHeaders: headers};
    }, {
        urls: [
            '*://*/*', // Pattern to match all http(s) pages
            // '*://*.example.org/*', // Pattern to match one http(s) site
        ], 
        types: [ 'sub_frame' ]
    }, [
        'blocking',
        'responseHeaders',
        // Modern Chrome needs 'extraHeaders' to see and change this header,
        // so the following code evaluates to 'extraHeaders' only in modern Chrome.
        chrome.webRequest.OnHeadersReceivedOptions.EXTRA_HEADERS,
    ].filter(Boolean)
);

to my script.js, and it returned `Uncaught TypeError: Cannot read properties of undefined (reading 'onHeadersReceived')`.

What should I do to allow ONLY the extension to make requests to the server?

kodfire

1 Answer


As the error message says, one solution is to use "manifest_version": 2 and "webRequestBlocking" in "permissions".

Another solution is declarativeNetRequest, which is a new API with completely different syntax, so you'll have to rewrite your code entirely. Here's an example: link.

wOxxOm
  • As I have mentioned, I have set those you said here. No result! – kodfire Sep 14 '21 at 11:59
  • No, you were using manifest_version 3, which is why the error was shown, but you should use 2. – wOxxOm Sep 14 '21 at 12:01
  • I meant the `declarativeNetRequest` didn't work in version 3. If I change the version to 2, should I change the code of `manifest.json`, or did you mean the `script.js`? – kodfire Sep 14 '21 at 12:04
  • My answer describes two solutions. The first one is simple. The second one requires you to rewrite everything. – wOxxOm Sep 14 '21 at 12:05
  • Here's an example of the second solution: [link](https://stackoverflow.com/a/69177790). – wOxxOm Sep 14 '21 at 12:29
  • This `Invalid value for 'minimum_chrome_version'. Could not load manifest.` and this `Must specify one of background.page or background.scripts to use background.persistent. Could not load manifest.` are the errors returned when using your key values in the `manifest.json` file. – kodfire Sep 15 '21 at 04:58
  • You're looking at the old version of the answer. Refresh the page. – wOxxOm Sep 15 '21 at 05:24
  • Again `Must specify one of background.page or background.scripts to use background.persistent`. I think there should be a `scripts` key there, isn't it? – kodfire Sep 15 '21 at 05:42
  • The answer I've linked has `"background": {"service_worker": "bg.js"}` so you're not copying it correctly. Delete your old `background` section and use the one in the answer. If you want to make a ManifestV3 extension then you should probably start with [the introduction](https://developer.chrome.com/docs/extensions/mv3/intro/mv3-migration/). – wOxxOm Sep 15 '21 at 05:49
  • It is `background.service_worker`, however the error is saying `Must specify one of background.page or background.scripts`. – kodfire Sep 15 '21 at 05:52
  • It means your manifest.json is incorrect. See the article I've linked and fix it accordingly. Start with `"manifest_version": 3`. – wOxxOm Sep 15 '21 at 05:59
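
One way to write the `declarativeNetRequest` variant the answer mentions, scoped to the single host from the question and to this extension as initiator instead of the `*://*/*` pattern. This is an added example, not code from the question, the answer or the linked post; the helper name `buildFrameRule` and the file name `bg.js` are hypothetical, and `initiatorDomains`/`requestDomains` assume Chrome 101 or later.

```javascript
// Added example: MV3 service worker (e.g. bg.js). Needs "declarativeNetRequest"
// in "permissions" and the framed host in "host_permissions" of manifest.json.
const FRAMED_HOSTS = ['subdomain.example.com']; // host taken from the question

// Build one rule that strips the framing headers only when the request is a
// sub-frame load of a listed host AND was initiated by this extension's pages.
function buildFrameRule(extensionId, hosts, id = 1) {
  if (!/^[a-p]{32}$/.test(extensionId)) {
    throw new Error('unexpected extension id: ' + extensionId);
  }
  if (hosts.length === 0) throw new Error('refusing to build an unscoped rule');
  for (const h of hosts) {
    // Reject schemes, paths and wildcards: the rule must name exact hosts.
    if (!/^(?=.{1,253}$)([a-z0-9-]+\.)+[a-z]{2,}$/i.test(h)) {
      throw new Error('not a plain hostname: ' + h);
    }
  }
  return {
    id,
    priority: 1,
    condition: {
      initiatorDomains: [extensionId], // only frames created by the extension
      requestDomains: hosts,           // only the site that is being embedded
      resourceTypes: ['sub_frame'],
    },
    action: {
      type: 'modifyHeaders',
      responseHeaders: [
        { header: 'x-frame-options', operation: 'remove' },
        { header: 'frame-options', operation: 'remove' },
      ],
    },
  };
}

// Only runs inside the extension; skipped when the file is loaded elsewhere.
if (typeof chrome !== 'undefined' && chrome.declarativeNetRequest) {
  chrome.runtime.onInstalled.addListener(() => {
    const rule = buildFrameRule(chrome.runtime.id, FRAMED_HOSTS);
    chrome.declarativeNetRequest.updateDynamicRules({
      removeRuleIds: [rule.id], // replace any earlier copy of the rule
      addRules: [rule],
    });
  });
}
```

With the rule scoped this way, the server keeps sending `X-Frame-Options: deny`, and the header is dropped only for sub-frame loads of that host started by the extension's own pages.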