About

Getting around <meta> X-Frame-Options DENY in a Chrome extension?

Asked 2/4, 2013 at 6:12 Answered 28/4, 2013 at 16:15

javascript iframe google-chrome-extension x-frame-options

I'm writing a chrome extension that like intab loads links in an inline iframe, it works great except for sites that set the X-Frame-Options header to DENY or SAMEORIGIN.

In this Question a working solution provided for the case where the HTTP header contains X-Frame-Options property. But, X-Frame-Options can also be set in a element in the HTML .

Is there a way to remove this element before it's being loaded by chrome?

Disoperation answered 2/4, 2013 at 6:12 Comment(0)

`<meta name="X-frame-options"/>`

There is no such thing as <meta name="X-Frame-Options">.
And, manipulating the DOM before chrome loads it, is also not possible.
Chrome loads a page, and then creates the dom.

But what are `x-frame-options` then?

X-frame-options are server-side set http headers.
They are part of the security protection (e.g. against clickjacking). Chrome or any other browser will not let you ignore/change it. Period.
Side note:if it's your site, you can change x-frame-options per PHP.
Side note #2: the only way to do this is XSS. I'm pretty sure you don't want to do that.

Effloresce answered 28/4, 2013 at 16:15 Comment(1)

Is no one paying attention in here? If this answer is bad, just comment, don't ignore it. – Effloresce 1/5, 2013 at 16:14

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

<meta name="X-frame-options"/>

But what are x-frame-options then?

Recommended topics

Hot tags

`<meta name="X-frame-options"/>`

But what are `x-frame-options` then?