Skip to content
This repository has been archived by the owner on Jan 14, 2022. It is now read-only.

Show if input site disallows iframe #4

Open
soup-bowl opened this issue Nov 24, 2016 · 2 comments
Open

Show if input site disallows iframe #4

soup-bowl opened this issue Nov 24, 2016 · 2 comments
Assignees
@soup-bowl
Labels
enhancement settings
Milestone
Version 0.5b

Comments

@soup-bowl
Copy link
Owner

soup-bowl commented Nov 24, 2016
edited
Loading

Request to see if sites inputted by the user are blocked by X-Frame-Options: SAMEORIGIN header.

A good example of this is Google.com.
@soup-bowl soup-bowl added this to the Version 0.2 milestone Nov 24, 2016
@soup-bowl soup-bowl self-assigned this Nov 24, 2016
@soup-bowl
Copy link
Owner Author

As far as I understand, JavaScript is unable to properly access response headers from a request, and as such is impossible to determine same-origin without using hack methods.

@soup-bowl soup-bowl reopened this Nov 28, 2016
@soup-bowl soup-bowl modified the milestones: Version 0.3, Version 0.2 Nov 28, 2016
@soup-bowl soup-bowl removed the wontfix label Nov 28, 2016
@soup-bowl
Copy link
Owner Author

soup-bowl commented Nov 28, 2016
edited
Loading

Could try:

  • Simulate IFrame on AJAX query and detect blank response.
  • Hidden IFrame, dynamically load inputted entries and check if IFrame is empty.
  • Develop an off-extension API to determine SAMEORIGIN.

@soup-bowl soup-bowl mentioned this issue Nov 28, 2016
Closed
@soup-bowl soup-bowl modified the milestones: Version 0.4, Version 0.3 Dec 12, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@soup-bowl soup-bowl

Labels
enhancement settings
Projects
None yet
Milestone
Version 0.5b
Development

No branches or pull requests
1 participant
@soup-bowl