基于iframe的铬扩展中的权限该如何处理?
我正在做一个镀铬的分机,里面有一个iframe。当扩展请求到服务器以获取页面时,它将返回一个错误Refused to display 'https://subdomain.example.com/' in a frame because it set 'X-Frame-Options' to 'deny'。虽然我已经在我的x-frame-options文件中将deny设置为deny,并且在后端项目中的特定方法中添加了一个header('x-frame-options: GOFORIT'),但它返回了另一个错误Refused to display 'https://subdomain.example.com/' in a frame because it set multiple 'X-Frame-Options' headers with conflicting values ('GOFORIT, DENY'). Falling back to 'deny'。我将webRequest和webRequestBlocking添加到webRequestBlocking文件中的permissions中。没有运气,它返回了'webRequestBlocking' requires manifest version of 2 or lower和Unchecked runtime.lastError: You do not have permission to use blocking webRequest listeners. Be sure to declare the webRequestBlocking permission in your manifest.,所以我从权限中删除了webRequestBlocking,并添加了与v3一样的declarativeNetRequest。没有结果!!然后我又说
chrome.webRequest.onHeadersReceived.addListener(
function(info) {
var headers = info.responseHeaders;
for (var i=headers.length-1; i>=0; --i) {
var header = headers[i].name.toLowerCase();
if (header == 'x-frame-options' || header == 'frame-options') {
headers.splice(i, 1); // Remove header
}
}
return {responseHeaders: headers};
}, {
urls: [
'*://*/*', // Pattern to match all http(s) pages
// '*://*.example.org/*', // Pattern to match one http(s) site
],
types: [ 'sub_frame' ]
}, [
'blocking',
'responseHeaders',
// Modern Chrome needs 'extraHeaders' to see and change this header,
// so the following code evaluates to 'extraHeaders' only in modern Chrome.
chrome.webRequest.OnHeadersReceivedOptions.EXTRA_HEADERS,
].filter(Boolean)
);给我的script.js,它返回了Uncaught TypeError: Cannot read properties of undefined (reading 'onHeadersReceived')
我应该做些什么来只允许扩展请求到服务器?
回答 1
Stack Overflow用户
发布于 2021-09-14 11:53:05
正如错误消息所述,一种解决方案是在"manifest_version": 2和"webRequestBlocking"中使用"permissions"。
另一个解决方案是declarativeNetRequest,它是一个具有完全不同语法的新API,因此您必须完全重写代码,下面是一个示例:链接。
https://stackoverflow.com/questions/69177082
复制相似问题
腾讯云开发者
