基于iframe的chrome扩展中的权限怎么办?
What to do with the permissions in chrome extension based on iframe?
我正在制作一个 chrome 扩展程序,其中包含一个 iframe。当扩展请求服务器以获取页面时,它 returns 一个错误 Refused to display 'https://subdomain.example.com/' in a frame because it set 'X-Frame-Options' to 'deny'。虽然我在我的 .htaccess 文件中将 x-frame-options 设置为 deny 并在我的后端项目的特定方法中添加了 header('x-frame-options: GOFORIT') ,但它返回了另一个错误 Refused to display 'https://subdomain.example.com/' in a frame because it set multiple 'X-Frame-Options' headers with conflicting values ('GOFORIT, DENY'). Falling back to 'deny'.我在 manifest.json 文件中将 webRequest 和 webRequestBlocking 添加到 permissions。运气不好,它返回 'webRequestBlocking' requires manifest version of 2 or lower 和 Unchecked runtime.lastError: You do not have permission to use blocking webRequest listeners. Be sure to declare the webRequestBlocking permission in your manifest. 所以我从权限中删除了 webRequestBlocking 并添加了 declarativeNetRequest,因为它是 v3。没有结果!!然后我添加了
chrome.webRequest.onHeadersReceived.addListener(
function(info) {
var headers = info.responseHeaders;
for (var i=headers.length-1; i>=0; --i) {
var header = headers[i].name.toLowerCase();
if (header == 'x-frame-options' || header == 'frame-options') {
headers.splice(i, 1); // Remove header
}
}
return {responseHeaders: headers};
}, {
urls: [
'*://*/*', // Pattern to match all http(s) pages
// '*://*.example.org/*', // Pattern to match one http(s) site
],
types: [ 'sub_frame' ]
}, [
'blocking',
'responseHeaders',
// Modern Chrome needs 'extraHeaders' to see and change this header,
// so the following code evaluates to 'extraHeaders' only in modern Chrome.
chrome.webRequest.OnHeadersReceivedOptions.EXTRA_HEADERS,
].filter(Boolean)
);
到我的script.js,它返回Uncaught TypeError: Cannot read properties of undefined (reading 'onHeadersReceived')
我应该怎么做才能只允许扩展程序向服务器请求?
如错误消息所述,一种解决方案是在 "permissions" 中使用 "manifest_version": 2 和 "webRequestBlocking"。
另一个解决方案是declarativeNetRequest, which is a new API with completely different syntax so you'll have to rewrite your code entirely, here's an example: link。
我正在制作一个 chrome 扩展程序,其中包含一个 iframe。当扩展请求服务器以获取页面时,它 returns 一个错误 Refused to display 'https://subdomain.example.com/' in a frame because it set 'X-Frame-Options' to 'deny'。虽然我在我的 .htaccess 文件中将 x-frame-options 设置为 deny 并在我的后端项目的特定方法中添加了 header('x-frame-options: GOFORIT') ,但它返回了另一个错误 Refused to display 'https://subdomain.example.com/' in a frame because it set multiple 'X-Frame-Options' headers with conflicting values ('GOFORIT, DENY'). Falling back to 'deny'.我在 manifest.json 文件中将 webRequest 和 webRequestBlocking 添加到 permissions。运气不好,它返回 'webRequestBlocking' requires manifest version of 2 or lower 和 Unchecked runtime.lastError: You do not have permission to use blocking webRequest listeners. Be sure to declare the webRequestBlocking permission in your manifest. 所以我从权限中删除了 webRequestBlocking 并添加了 declarativeNetRequest,因为它是 v3。没有结果!!然后我添加了
chrome.webRequest.onHeadersReceived.addListener(
function(info) {
var headers = info.responseHeaders;
for (var i=headers.length-1; i>=0; --i) {
var header = headers[i].name.toLowerCase();
if (header == 'x-frame-options' || header == 'frame-options') {
headers.splice(i, 1); // Remove header
}
}
return {responseHeaders: headers};
}, {
urls: [
'*://*/*', // Pattern to match all http(s) pages
// '*://*.example.org/*', // Pattern to match one http(s) site
],
types: [ 'sub_frame' ]
}, [
'blocking',
'responseHeaders',
// Modern Chrome needs 'extraHeaders' to see and change this header,
// so the following code evaluates to 'extraHeaders' only in modern Chrome.
chrome.webRequest.OnHeadersReceivedOptions.EXTRA_HEADERS,
].filter(Boolean)
);
到我的script.js,它返回Uncaught TypeError: Cannot read properties of undefined (reading 'onHeadersReceived')
我应该怎么做才能只允许扩展程序向服务器请求?
如错误消息所述,一种解决方案是在 "permissions" 中使用 "manifest_version": 2 和 "webRequestBlocking"。
另一个解决方案是declarativeNetRequest, which is a new API with completely different syntax so you'll have to rewrite your code entirely, here's an example: link。