Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Source code for "Ignore X-Frame headers" chrome extension; see https://chrome.google.com/webstore/detail/ignore-x-frame-headers/gleekbfjekiniecknbkamfmkohkpodhe
chrome.webRequest.onHeadersReceived.addListener(
function (details) {
for (var i = 0; i < details.responseHeaders.length; ++i) {
if (details.responseHeaders[i].name.toLowerCase() == 'x-frame-options') {
details.responseHeaders.splice(i, 1);
return {
responseHeaders: details.responseHeaders
};
}
}
}, {
urls: ["<all_urls>"]
}, ["blocking", "responseHeaders"]);
{
"background": {
"scripts": [ "background.js" ]
},
"description": "Drops X-Frame-Options HTTP response headers, allowing all pages to be iframed.",
"key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDysh7qP/8H9qUMb0R9BZbk2NDirtNgRyo9AEh9C5HFcoMELEzJ/M/sCqn/yDM/Z7GK3t+w02zCeTBknLEUwgFL9kRxVV4s1kfgbijVHTSJkII6OjqiWDPkDeyMJ1oOr156Rct2bp2MAwOf0Tk1bm2UdwNbJxoE5sQFd2Hbu+WFxQIDAQAB",
"manifest_version": 2,
"name": "Ignore X-Frame headers",
"permissions": [ "webRequest", "webRequestBlocking", "\u003Call_urls>" ],
"update_url": "http://clients2.google.com/service/update2/crx",
"version": "1.0"
}
@phyr0s

This comment has been minimized.

Copy link

@phyr0s phyr0s commented May 14, 2015

¿How I can use in one website to insert this script to enable one iframe?

@techsin

This comment has been minimized.

Copy link

@techsin techsin commented Jul 5, 2015

Do tou know about documentation, in there i see that it only takes handlers and not last two parameters like object and an array

@rhew

This comment has been minimized.

Copy link

@rhew rhew commented Sep 10, 2015

Hi Alex.

Thank you for this extension, it helped me make a nice presentation with sites in iframes. I made a minor change that strips multiple x-frame-headers. Feel free to pick it up and include it (I cant find a way to make a pull request against a gist).

https://gist.github.com/rhew/9ffa6d4b1b23b162b6ab#file-background-js

Thanks again,
James

@lingyanmeng

This comment has been minimized.

Copy link

@lingyanmeng lingyanmeng commented Nov 8, 2016

It works like a charm. Thanks a lot.

@SonicACCEL

This comment has been minimized.

Copy link

@SonicACCEL SonicACCEL commented May 10, 2017

Is there any way to "Ignore X-Frame Headers" when using CrossWalk Project? I would like to use IFRAME of various content sources within my CrossWalk powered application.

@tpass9161

This comment has been minimized.

Copy link

@tpass9161 tpass9161 commented Aug 18, 2017

HII , Can you please provide mi stepwise guide how to add this code into normal html file like..index.html which contain frame
it will be great help

@hoangnguyenbkict

This comment has been minimized.

Copy link

@hoangnguyenbkict hoangnguyenbkict commented Nov 28, 2019

how i can do you import file manifest.json

@ShamiliArj

This comment has been minimized.

Copy link

@ShamiliArj ShamiliArj commented Aug 26, 2020

This doesn't help in case of running headless.

@lpolawski

This comment has been minimized.

Copy link

@lpolawski lpolawski commented Nov 18, 2020

Hi I have a question about your implementation
is a chance that your code will be work when i run scripts via : npm run "scripts" command
it will automatically add ignore addon ?

Regards

@chaptergy

This comment has been minimized.

Copy link

@chaptergy chaptergy commented Jan 19, 2021

For me this no longer works since new permissions were added sometime in chrome. I have created an extension with the new permissions and some more things: https://github.com/chaptergy/webextension-allow-sso-iframes

@guilryder

This comment has been minimized.

Copy link

@guilryder guilryder commented May 6, 2021

Recommendations as the "Ignore X-Frame headers" Chrome extension author:

@Mkawad

This comment has been minimized.

Copy link

@Mkawad Mkawad commented May 7, 2021

Hi all, i'm trying to config a new project with cypress and everything was good until i faced an issue which is :
every time i try to hit a url via cy.visit it stop with an error displayed as 404 even though the url is right
i read about this issue and kind of an issue with same origin policy i'm not sure
can anyone help me please with this issue ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment