拒绝在框架中显示“https://example.tld/”,因为它将“X-Frame-Options”设置为“拒绝”
[英]Refused to display 'https://example.tld/' in a frame because it set 'X-Frame-Options' to 'deny'
问题描述
I'm making a browser extension.
我正在制作浏览器扩展。 I have created a popup window that is opened after the user click on a button.我创建了一个在用户单击按钮后打开的弹出窗口。 I have a form input and an iframe, I want that when the user enter an url it will be able to display it inside the iframe but I'm facing this issue我有一个表单输入和一个 iframe,我希望当用户输入一个 url 时,它能够在 iframe 内显示它,但我正面临这个问题
Refused to display 'https://discord.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
A lot of websites will not load into the iframe and I'm not able to find a way to manage this.许多网站不会加载到 iframe 中,我无法找到一种方法来管理它。
What I want to achive is to have an indipendent webView that will be act like the browser and will load an url when it's inserted by the user.我想要实现的是拥有一个独立的 webView,它将像浏览器一样运行,并在用户插入时加载一个 url。 The iframe is the most flexible solution I think, but if anyone have any suggestion on how to implement this I will appreciate. iframe 是我认为最灵活的解决方案,但如果有人对如何实现这一点有任何建议,我将不胜感激。
1 个解决方案
解决方案1
1 已采纳 2020-10-06 03:32:37
Take a look at the X-Frame-Options header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options看看X-Frame-Options标头: https : //developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
The response header you are getting back from https://discord.com/ does not allow the browser to render it inside an <iframe> element.您从https://discord.com/返回的响应头不允许浏览器在<iframe>元素内呈现它。 This is for security reasons and you likely won't be able to find a workaround (otherwise it would be a security loophole).这是出于安全原因,您可能无法找到解决方法(否则这将是一个安全漏洞)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.